Wanting to see what the GSM Association has been up to recently, I thought I would casually check out their website. Like many people would, I googled ‘GSMA’ because that is even quicker that typing their URL. The results are pictured above. Google thinks the GSMA’s website may have been hacked!
Google’s advice is not very reassuring:
You’ll see the message “This site may be hacked” when we believe a website may have been hacked. The hacker may have changed some of the existing pages on the site, or added new spam pages. If you visit the site, you may be redirected to spam or malware.
We recommend that you don’t visit the website until this message disappears from the search result.
The GSMA does plenty of work to counter fraud and improve security, so this will be a tad embarrassing for them. Maybe we can excuse the GSMA because they concentrate on mobile networks, not the internet…
@Commsrisk Thanks for contacting us. We’re confident the site is 100% ok and we’re working with Google to understand their concerns.
— GSMA CustomerCare (@GSMA_Care) April 7, 2015
An interesting find, one which I would most likely would have overlooked and simply clicked the link. Out of curiosity I decided to Google the words “this site may be hacked” and found an article which claims that it is a bug on Google’s site. The following is a quote from the website (see link below), claiming this was Google’s response to some complaints:
“We’re slowly rolling out a new hacked page classifier (not CMS specific) and noticed a small number of misclassifications. We’re sorry for any trouble this may have caused — we are working on addressing the issues.”
Perhaps the GSMA has been hacked, perhaps it has not. However, I can expect that for many internet users they would take everything that Google states as gospel, without asking the question “How has Google come to that conclusion?”. In the 5 minutes that I spent searching for the key words I couldn’t find any information about how Google actually determines this classification and the guidance provided in the link is aimed at the Webmaster, rather than an internet user who may just like to understand how Google has determined it, so that they can assess for themselves if it is in fact a risk. However, even if there was this level of transparency I am certain that most users that read it would simply ignore it and take the statement that it is potentially hacked as the truth.
If this is a bug on Google’s part it would be interesting to know how many online businesses may have been affected by it, and how much business they have lost as a result. I can expect that if a user was shopping online and searched for an item, that user would most likely avoid any sites with this status and jump to the next link, potentially costing the other site a sale.
It just shows the power that Google wields, and it makes me think how well are these functions tested before we all blindly believe in the all powerful and all knowing Google.
Anyway, nice find!
Thanks for your thoughtful and considered reply. Methinks it’s longer than my original post :)
But seriously, you are right about Google having great power and responsibility. I appreciate you sharing your research, and letting us know that other websites may recently have been misclassified by Google. It is possible that this warning was caused by something relatively trivial.
However… I do have some sympathy for Google in these instances. And so far, I’m not impressed by the GSMA’s response. A mistake by Google can hurt a company’s reputation, but they are also in a position to check websites much more thoroughly than most webmasters can. One of my websites was hacked years ago, and I initially responded to Google’s warnings with disbelief, as I couldn’t find what was wrong. However, after a lot of searching through the detail, I did find where code had been injected by the hackers. Not all hackers are publicity-seekers like Anonymous or the Syrian Electronic Army; most go to great lengths to hide what they have done. On balance, it’s good that Google automatically checks for signs of hacking, and highlights risks. A lot more harm would be done if they didn’t intervene.
Why am I not impressed by the GSMA’s response? It’s not just because the warning is still visible on Google, 19 hours after I told notified them by email and Twitter. It’s because they’ve seemingly made no efforts to reassure anyone, or to inform visitors about what is being done to check the integrity of their site. They’ve not bothered to acknowledge receipt of my messages. I can’t see any evidence of them Tweeting, publishing anything to the web, or using any other communication channel to advise people whether it is safe to visit their website. You’re completely right to point out the potential for Google to damage an organization’s reputation, but that doesn’t stop the organization from doing all it can to defend that reputation. Saying nothing publicly suggests that the GSMA is either slow-moving, complacent about security, or doesn’t see the need to communicate with people about this. None of these are desirable qualities in an international body that gives advice on security!
So I totally agree with you that we shouldn’t jump to conclusions, or believe everything that Google tell us. At the same time, you cannot go a week without seeing a news headline about major corporations and public bodies being hacked. The GSMA should be setting an example to telcos, but they’ve performed poorly in this instance. Would it really have been so hard for the GSMA to Tweet something bland like “this is nothing to worry about” or “we don’t think there is anything wrong but we take security seriously and we’re looking into this”? In the absence of any communication, all we have is speculation. And as you point out, whilst many may not notice or care about Google’s warnings, others will see them and assume the worst.