Hackers doctored page impressions

Wemf Manipulated access figures at Net-Audit lead to tighter controls. Nevertheless, a residual risk remains.

Wemf Manipulated access figures at Net-Audit lead to tighter controls. Now the AG für Werbemedienforschung (Wemf) also has its case of fraud. The fact that the Internet study Net-Audit, which was only launched in February of this year, has been hit casts an ambivalent light on the New Economy. The manipulation came to light at the beginning of September. With the help of a computer program, artificial accesses had been generated for three panel members in the months of June and July. Initially unnoticed by Wemf, page impressions "in the order of around 20,000 per month and site were generated," explains Net-Audit project manager Christine Diemand. For the sites concerned, this resulted in a user increase of a good 10 percent. "This is undoubtedly a serious case," judges Wemf boss René Schmutz.Affected are three relatively small sites, which have little to do with each other: Bluebana, the online event agenda of the Basler Zeitung. EGames, a computer game site jointly operated by eBund and the Bern bookstore Stauffacher, and SwissGuide, a company directory sold by Cablecom to the management in November 2002. With Jürg Dangel, former CEO of Pixelpark Switzerland and founder and chairman of the board of Swiss Online, as a board delegate, SwissGuide was once again in the hands of Swiss web pioneers. At eGames, the artificially generated hits were in the order of magnitude of around 10,000 page impressions.
The perpetrator is caught. According to project manager Christine Diemand, he has drawn attention to himself (see interview). According to his own statements, Wemf boss Schmutz has been in talks with the culprit for "three to four weeks". But Schmutz leaves both the name of the person in question and the nature of his connection to the three affected sites in the dark.
The motive also remains vague at present. However, there are some indications that it was a hacker who wanted to identify weaknesses in Net-Audit. At any rate, this is the reason he gave to Wemf's managing director. "The person in question says he wanted to check whether the system was watertight," Schmutz said.
Expensive fake
And the forger obviously spared no effort for his "evidence". Because it is time-consuming and cost-intensive to realize such manipulated accesses. "The person in question worked for about a week on the program that was used for the manipulation," Schmutz explains.
It must also be taken into account that the more accesses one intends to generate with such software, the more complicated and costly it becomes. This is probably the reason why the fraud did not affect large sites, but rather three websites with comparatively low user numbers. "Only on sites with a rather small audience can a sufficiently large number of page impressions be achieved with the resources used, so that this also results in a considerable percentage increase," explains Diemand.
Abuses can never be completely ruled out, the project manager adds. But after this experience, new protective mechanisms will be installed that should make fraud much more difficult in the future. Corresponding clarifications have already been made with the system developer of Net-Audit. "We will carry out random checks even more intensively than before. And we will increasingly check if a website shows major fluctuations in its page impressions from one month to the next," she adds. However, she does not want to reveal exactly how this will work technically "for our protection.
However, the fact that the discovered hacker can hardly be taken to court seems to be disturbing. "Legally, the facts of the case are not easy to grasp, because the law often lags behind when it comes to new technical developments such as the Internet," explains Schmutz. But it is still too early to make any conclusive statements about the criminal aspects. "The matter is far from settled for us," says the Wemf boss.
Wemf CEO René Schmutz was put in a very tough spot by a hacker.
Daniel Schifferle

More articles on the topic