Skip to main content

Someone may have hacked dozens of university websites for a gambling SEO scheme

Someone may have hacked dozens of university websites for a gambling SEO scheme

Share this story

Ninja Tel mobile command center

People will do crazy things to get to the top of the "real money slots" search rankings.

Last week, researchers at eTraffic uncovered a scheme that sent a certain site rocketing up the organic search rankings. When eTraffic investigated, 76 different university and foundation web pages — including Stanford, New York University, and Carnegie Mellon University — had suddenly begun linking to the site, each randomly inserting linked keywords into otherwise unrelated text. Because Google’s search ranking is still largely based on keyword links from trusted sites, that was enough to propel the site to the top of the search ranking.

All told, 76 sites included the links, primarily university sites throughout the world. The links are often embedded mid-sentence in course descriptions and press releases, and four days after eTraffic published its findings, many of the links are still present on the affected sites. It’s not clear how those links arrived on the site, but it seems very unlikely that the host institutions put them there. Hacking seems far more plausible, particularly given the number of known vulnerabilities in popular blogging plugins likely to have been used on the site.

"People will always take the next step to bypass Google."

eTraffic declined to identify the offending site, but said it was an affiliate site for slot machine websites — essentially a clearinghouse for paid links to online gambling businesses. That’s a crucial part of the puzzle, since online gambling is one of the few areas where search traffic is lucrative enough to make such a hack worthwhile. For a term like "online real money slots," ad revenue can be as high as $80 per click. "There is so much money involved in the online gambling industry, people will always take the next step to bypass Google," said eTraffic CEO Guy Regev, who uncovered the scheme.

It’s a new spin on the classic question of how a criminal can turn a compromised site into actual money. At $80 a click, driving traffic to gambling sites is far more lucrative than spreading malware, especially since the university sites have high SEO prestige but relatively low traffic.