A while back it was all over the blogs and Twitter that Amazon had somehow demoted Gay and Lesbian themed books to keep them from showing up in searches.
There was outrage from all the civil rights folks especially in the LBGT camp (rightfully so if it was true).
After that the rumour started the manipulation was carried about by hackers misusing an XSS flaw in the reporting mechanism.
Amazon.com is disputing an account that a hacker was to blame for an error that caused thousands of books to lose their sales ranks over the weekend. According to Amazon.com Director of Corporate Communications Patty Smith, the situation was due to a cataloging error. Smith disputed a supposed confession posted on a LiveJournal discussion group April 13, in which a hacker identified as “Weev” claimed he had exploited an Amazon.com feature for reporting inappropriate content.
“The thing about the adult reporting function of Amazon was that it was vulnerable to something called “Cross-site request forgery,’” he wrote. “This means if I referred someone to the URL of the successful complaint, it would register as a complaint if they were logged in.
“I know some people who run some extremely high traffic (Alexa top 1000) Websites. I show them my idea, and we all agree that it is pretty funny,” he continued. “They put an invisible iframe in their Websites to refer people to the complaint URLs, which caused huge numbers of visitors to report gay and lesbian items as inappropriate without their knowledge.”
It’s a pretty neat trick, just embed an iframe into some heavily trafficked websites and every time they get visited your cross site request is sent and a vote/report is made.
It leveraged on the ability to report inappropriate content, I’m guessing from what happened that the Amazon system has some automated threshold for tagging stuff that’s reporting x number of times.
However, contrary to statements in Weev’s blog entry and some reports, the situation was not limited to gay-themed books.
“It has been misreported that the issue was limited to Gay & Lesbian themed titles—in fact, it impacted 57,310 books in a number of broad categories such as Health, Mind & Body, Reproductive & Sexual Medicine, and Erotica,” Smith said in a statement. “This problem impacted books not just in the United States but globally. It affected not just sales rank but also had the effect of removing the books from Amazon’s main product search.”
The situation has drawn the ire of some gay and lesbian rights groups concerned that gay-themed books were being censored. In addition, some authors have claimed in press reports that they received e-mails from Amazon.com stating that their books had been placed in an unranked Adult category and excluded from some searches.
At least they’ve acknowledged there is some kind of problem, they understand the scope and are working on fixing it.
I hope they are better than the average corporate and actually fix the root cause too, not just fix the fall-out and patch up the flaw.
Who knows, this may develop further.
- PentesterLab.com – Excercises To Learn Penetration Testing
- New eLearnSecurity Course – WAPT – Web Application Penetration Testing
- Hackers Break Into White House Military Network
- SHA-1 Password Hashes Cracked Using Amazon EC2 GPU Cloud
- TJX Hacker Albert Gonzalez Claims Government Made Him Do It
- The MPAA TorrentSpy Hacker – $15,000!
Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,129,581 views
- Hack Tools/Exploits - 573,154 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 409,708 views