…the steganographic program was activated by pressing control-alt-E and then typing in a 27-character password, which the FBI found written down on a piece of paper during one of its searches.

While online passwords never need to be this complex - centralized management can prevent brute-force attack. Arguably, longer passwords are more important for local software (that can be stolen, then brute-forced). In fact, the leading theories on the ‘cracking’ of the wikileaks video suggest that they brute-forced the password that unlocked the encrypted contents.

a

Our company’s focus is on detecting affiliates that are violating their agreements with their merchants. These agreements typically disallow very specific activities (purchasing the merchant’s trademarked terms on paid search).

We certainly want to provide detailed insights to our customers but we also want to be careful of teaching would-be-abusers how to improve their techniques. This balancing act is a challenging one for us and up until now we’ve kept any discussion of the advanced techniques used mostly out of public discourse.

We decided to change that, and have posted our first detailed discussion of a technique used by affiliates to evade detection to BrandVerity’s blog. We also sent a more detailed version of this post to our customers before the post went live on our website.

Over time, we’ve seen the techniques used become more advanced and more widespread. We’ve seen deep and detailed discussions on blackhat forums, and even seen the launch of paid services that assist new abusers.

We haven’t seen a commensurate increase in industry awareness. The discussions on most whitehat forums continue to focus on the more basic techniques, and there is little to no discussion of them in educational resources available. Our intentions aren’t entirely selfless - we expect these posts to not only raise awareness of the techniques, but also to increase awareness of who we are and what we do. But that incentive has always been there and if anything is less impactful now than it might have been earlier in our growth. Ultimately, we felt that we have recently seen a shift in the balance of information too far in favor of the abuser.

a