Google has admitted that some of its employees fraudulently gained access to the servers of a Kenyan business directory and tried to poach its customers.
The US search giant said it was “mortified” to discover that staff working on its Getting Kenyan Businesses Online (GKBO) project – an initiative to give small businesses free websites for one year – have been routinely accessing the database of of rival Kenyan business directory startup Mocality to obtain sales leads since October.
The matter first came to light in a blog post published on Friday by Stefan Magdalinski, chief executive of Mocality, who accused Google of “systematically accessing Mocality’s database and attempting to sell their competing product to our business owners”.
Furthermore, the operatives have allegedly been “telling untruths” about Google’s relationship with Mocality, claiming that the two companies are working in concert, and on one occasion falsely claiming that Mocality charges to list businesses.
“We were mortified to learn that a team of people working on a Google project improperly used Mocality’s data and misrepresented our relationship with Mocality to encourage customers to create new websites,” said Nelson Mattos, Google’s vice-president for product and engineering in Europe and emerging markets, in a statement on Google Plus.
“We’ve already unreservedly apologised to Mocality. We’re still investigating exactly how this happened, and as soon as we have all the facts, we’ll be taking the appropriate action with the people involved,” he added.
It is not yet known whether the people involved are Google employees or contractors working on the company’s behalf.
Mocality made the discovery after receiving a number of calls from businesses listed on its site, asking for help with their websites – a service Mocality does not provide. Through analysis of its server logs, Mocality found that a single IP/User-Agent combination had accessed all the businesses in question shortly before the calls were made.
Mocality set up a “sting” operation to try and find out who was collecting the data. It replaced some of the telephone numbers on its business directory with fake contact details, redirecting the visitor to its own call centre where the incoming calls were recorded.
“When we listened to the calls, we were beyond astonished,” said Magdalinski. “You can clearly hear Douglas (the operative) identify himself as Google Kenya employee, state, and then reaffirm, that GKBO is working in collaboration with Mocality, and that we are helping them with GKBO, before trying to offer the business owner a website (and upsell them a domain name).”
Having collected all the evidence, Mocality was ready to go public with its discovery, when accesses from the Google IP address abruptly stopped on 23 December. Magdalinski reasoned that someone had realised Mocality was onto them.
However, further analysis found that a different IP address coming directly from Google’s network had started accessing the business listings. Mocality did the same trick and received a call from Google India, once again offering to set up a website. This led Mocality to the conclusion that the GKBO operation had been outsourced to India.
“When we started this investigation, I thought that we’d catch a rogue call-centre employee, point out to Google that they were violating our Terms and conditions, someone would get a slap on the wrist, and life would continue,” said Magdalinski. “I did not expect to find a human-powered, systematic, months-long, fraudulent attempt to undermine our business, being perpetrated from call centres on 2 continents.”
View full post on National Cyber Security » Computer Hacking