For more than a decade, Valeriy Shershnyov worked as a software development engineer for a number of companies, including Microsoft, until he found an even more profitable way to spend his time: Conning Amazon into displaying his self-published ebooks at the top of their best-seller lists.
On Tuesday, ZDNet’s security blog shared the story of a software engineer who automated his way to earning $3 million by selling low-quality ebooks through Amazon’s online marketplace.
“There are a lot of four-letter words to describe Shershnyov,” joked the story’s author Zack Whittaker. “One springs to mind: ‘rich’.”
Ironically, Shershnyov’s business was located just 150 miles north of Amazon, in Vancouver, British Columbia. There the ambitious developer assembled “a powerful and complex database” hosted on Microsoft Azure, one that kept track of his 83,999 fake Amazon accounts. (Yes, 83,999…)
“At any given time of the day, dozens of those accounts could be pushed through one of over 200 proxy servers — provided by a third-party internet company,” according to ZDNet, “which makes it harder for Amazon to detect the logins.” Shershnyov’s scripts automated the process, and in the event Amazon had deleted an account — well, there were still thousands more.
And they all shared one mission: to trick Amazon into featuring his own books on their best-seller list. Over the course of a few hours, the fake accounts would all start ordering Shershnyov’s own ebooks from Amazon — presumably during the short window when the ebooks were made available free as part of a promotion.
“The downloads would be tunneled over the Tor anonymity network,” noted Whittaker, “masking the IP addresses of the server, making it tougher for Amazon’s systems to spot the fraudulent downloads.”
For two years, Amazon’s algorithm still counted these “free” downloads towards their sales figures, so the books inevitably rose up onto Amazon’s best-seller lists — which are prominently featured whenever Kindle owners visit Amazon’s store.
Ms. Emma Moore was one of hundreds of fake authors in a sophisticated catfishing scheme that “hoodwinked Amazon customers into buying low-quality ebooks, which were boosted on the online marketplace by an unscrupulous system of bots, scripts, and virtual servers,” Whittaker wrote.
Shershnyov’s operation was still going strong after two years — he’d published at least five more ebooks just in September — and Amazon has as of yet not seemed to have discovered an effective block.
What apparently tripped Shershnyov up was an unsecured server, which exposed the inner workings of his empire to the outside world.
Acting on a tip from MacKeeper Security Research Center, Whittaker discovered all the incriminating details — database tables named amazon_accounts and book_downloads — and a database of Amazon accounts with 83,999 different records. Once Shershnyov was discovered, Amazon quickly moved to eliminate all of his ebooks from their store.
And just like that, an entire fake literary career vanished…
But Shershnyov’s scheme apparently pulled in $2.44 million over just the last 16 months, and over $3 million since 2014. In fact, somehow he even managed to sell $83,340 worth of printed versions of his low-quality ebooks.
Of course, Amazon takes a cut of every sale, so that also means that Amazon earned millions of dollars from Shershnyov’s book sales. The losers were Amazon’s customers, who apparently forked over $6 million for some intentionally crappy ebooks.
But wouldn’t Amazon have noticed the low quality of his books? Well, for one thing, quality is a relative standard, and for another thing — no.
In 2012, two performance artists in Berlin created a piece of software that scraped random comments from under YouTube videos, then published them as Kindle ebooks. Hundreds of ’em — with titles like “Wierd song you cute” and “Sparta my have” — and they all seem to have slipped directly into the Kindle Store without a complaint from Amazon.
At least until the artists put out a press release bragging about their project. They described YouTube comments as a new “digital Esperanto” emerging from the gibberish of millions of YouTube comments, “treated as fresh dialogue” — and a wry comment on the online world’s “nonsense economy.”
Here is the opening of one book, “Alot was been hard” which was captured by The MIT Technology Review:
“Do Not Read!!!!! Well now that you’ve started you cant stop. One day a little girl name Maria was walking through the woods and spotted a face and thought about it for a while. After that the face ripped her face of and tore her a part limb by limb with its teeth. If you dont copy and paste this to 10 vids in 48 hrs the face will coe to ur house and kill you.”
Amazon eventually pulled all of the computer-generated ebooks, arguing that a work of fiction made entirely of random YouTube comments “could lead to a poor customer experience.” But the incident seems to prove that when it comes to slipping your book into Amazon’s Kindle Store, the bar can be pretty low.
So are we being too hard on Shershnyov? Orson Welles once quipped that even a forgery is still a painting. Shershnyov’s skimpy collections of tips — some less than 30 pages long — were still ebooks, after all. They had paragraphs of words that appear on virtual pages. Can he really be penalized just for a lack of sincerity?
Whittaker notes that while he may have broken Amazon’s terms of service, “as far as we can tell, he hasn’t broken the law.” Amazon told ZDNet only that “we’re evaluating all our legal options against the perpetrators.”
But their larger concern is the trust of their customers.
Amazon has apparently been fiercely fighting similar scams since at least 2015, according to the Washington Post. While Amazon has a certain fondness for the occasional funny fake review, it’s also dead serious about fine-tuning its algorithms to better detect fake positive reviews that con customers into buying crappy ebooks.
Amazon even sued 1,000 people who they said were aggressively selling fake five-star reviews, and also filed another lawsuit against a company that apparently facilitated the sale of fake Amazon reviews — buyamazonreviews.com. When the dust cleared, that domain was in the possession of the Amazon Legal Department, and to this day it now points visitors to the company’s “Anti-Manipulation Policy for Customer Reviews.”
“We take the integrity of our reviews platform very seriously,” the Amazon website noted.
But to be fair, similar scams have also been executed in the sphere of printed books. Back in 2013, Forbes described a procedure that was “essentially a laundering operation aimed at deceiving the [print] book-buying public into believing a title is more in-demand than it is.”
Buying 100,000 copies of a book guarantees it a spot on best-seller lists — even if they’re eventually returned. The Wall Street Journal once pointed out how this led to a very suspicious anomaly for a book about social networking, “Networking is Dead.” The week after it appeared on best-seller lists, “more hardcover copies of the book were returned than sold.”
Maybe the more things change, the more they stay the same.