An Australian internet industry veteran has been terrorised with web-based attacks and death threats for two weeks after he exposed fraudulent practices in the domain name industry.
Melbourne-based Michael Gilmour says Victoria Police and the Australian Federal Police refused to act as his websites, and the attackers looking to silence him, are outside Australia.
But CERT Australia, the computer security organisation based in the Attorney-General's department, has confirmed it is looking into the matter. Police also referred Gilmour to the US Secret Service, which he claims has taken evidence and begun an investigation.
Gilmour, who has worked in the internet industry for two decades including as the vice-chairman of the Internet Industry Association, now runs a company called Park Logic.
The company connects advertisers with owners of internet domain names who rather than using them for any particular purpose instead opt to "park" the websites and load them up with ads.
Large amounts of revenue can be generated from people finding the sites via search engines or by typing the address into their browser. Examples of current parked domain names include mobilephones.com, freefonetones.com and jewellery.com.
An example of a parked domain - no content, just a portal for advertising.
A major issue that is emerging in Gilmour's industry is the practice of unscrupulous domain name owners directing botnets of thousands of infected computers to repeatedly click on ads on their parked websites. This is known as fraudulent traffic and Gilmour is concerned because it brings down advertising rates for all players as the thousands of clicks are artificial and don't result in any purchases.
"They write little applications which can click on advertising - Google and Yahoo's business models are based on pay per click," he explained.
"It devalues the whole industry. If someone pumps fraudulent traffic through our network then it devalues the quality traffic."
Gilmour set about exposing the practice on his blog, deciding not to name and shame people in the first instance. He estimates that the fraudulent behaviour is worth about $500 million and the huge sums involved meant he was immediately targeted.
He began receiving threats from people who said they would kill him if he didn't take down his blog. The attackers also knocked all of his websites offline by flooding them with traffic in what is known as a distributed denial of service (DDoS) attack.
"I wrote about this and someone decided to take exception and they fired off a DDoS attack against my blog which took it down; they then fired off a DDoS attack against my company's website, then moved back to michaelgilmour.com which points to my blog and I've been under DDoS attack for the last two weeks," said Gilmour.
Australia's national Computer Emergency Response Team, known as CERT Australia, confirmed it had been in contact with Gilmour about the attacks but would not comment further on the specific incident.
Asked whether he believed the death threats were a real threat to his safety or just keyboard warriors blowing off steam, Gilmour said "a threat's a threat" and that Victoria Police encouraged him to take it seriously.
"It has not been the most pleasant experience for my wife, my kids and myself," he said.
Jurisdictional issues meant there was little local police could do but Gilmour says he was referred to the US Secret Service, which collected evidence from him including his website logs. Gilmour's sites and his attackers are US-based and he believes the Secret Service took an interest as part of its ongoing efforts around cyber crime.
"I was more than a little surprised by them investigating it ... my understanding is that since I received a death threat that changes the whole issue by an order of magnitude," he said.
The US Secret Service did not return a call requesting comment.
Via - SMH.com
PickyDomains.com is world's first risk-free naming service. We already helped to find a business name for 1500+ clients and the best part - you pay ONLY if you like our work, so there is no risk involved.