What's up with RaFa the hacker and Crowdflower?

    English

    [UPDATED 30.12.2013, 03.01.2014RaFa the hacker is getting creative again. He is using Crowdflower to scrub the reputation of Venezuelan criminals (birds of a feather...). Let me explain how this works. According to Wikipedia:

    CrowdFlower is a crowdsourcing service founded in 2009 by Lukas Biewald and Chris Van Pelt. Founded as "Dolores Labs" in 2007, CrowdFlower made its public debut at TechCrunch50 in 2009, and was a finalist for the TechCrunch50 award.

    CrowdFlower has completed over 1 billion tasks (small units of work) since it began operation, and presently does 5 man-years of work daily. Recently, Daily Crowdsource ranked them #1 among crowdsourcing service providers in the quarterly report CrowdCensus. Lead411 gave CrowdFlower their Hot Company Award in 2010, and in the same year the company was awarded the Netexplorateur Prize.

    Crowdflower acts as a bridge between companies looking to outsource microtasking and an army of independent online workers scattered across the globe who complete said tasks. Crowdflower works with partners, such as NeobuxClixsense, Entropia Partners, and Inboxdollars. The work flow is something like this:

    1- RaFa creates a "website feedback" task (goal: to increase traffic);

    2- Crowdflower publishes the task in Neobux, Inboxdollars, etc.;

    3- Independent people (most probably clueless about RaFa's clients) are paid to click on websites created by RaFa -that contain false information about his clients- and provide feedback, i.e.: visit danilodiazgranados.com, click on the first/second/third link and report title of page.

    Among the billion tasks completed by the Crowdflower network there's dodgy ones, and here's where RaFa slots in. Readers may remember the extraordinary piece of investigative blogging that Setty posted about RaFa, which exposed the way in which the Bolibourgeoisie is getting their reputation scrubbed online. RaFa is at the center of this effort, and it seems that a good chunk of Venezuela's white collar criminals and assorted thugs want to keep those skeletons well hidden from view. Email addresses associated to RaFa have been used to register hundreds of websites related to such people, 468 to be more precise (screenshot from Setty, see UPDATE 30.12.2013):

    Among those one can see, for instance, that RaFa and his Clean Perception firm is "managing" the online reputation of Ramiro Helmeyer. RaFa has registered, either on his own accord or following instructions from Helmeyer, the most important TLDs related to Helmeyer: .com, .org, .net, .biz, .me, .mobi, .info, etc. In addition Helmeyer sites have been registered with blogspot.com. bligoo.com, wordpress.com, tumblr.com, myspace, similarsites.com... Spelling variations are used. Fake images are also published for good measure (here an image of the real Ramiro Helmeyer). Thousands of results in total, and those that contain real information about the man's past are hard to find. Helmeyer was involved in terrorism in the early 90ies. In fact, judge Frank Vecchionacce sentenced him in 1995 to 30 years imprisonment for a series of bombings in Caracas and the assassination of Mario Patti Fajardo:

    “COOPERADOR INMEDIATO en la comisión del delito de HOMICIDIO CALIFICADO, previsto y sancionado en el artículo 408, ordinal 1º, del Código Penal, en relación con los artículos 407 y 83, ejusdem, ejecutado en perjuicio del ciudadano MARIO RODOLFO PATTI FAJARDO; como CÓMPLICE PRIMARIO O AUXILIADOR NECESARIO en la ejecución de los delitos de ATERRORIZAMIENTO DE LA POBLACIÓN CONTINUADO, previsto en el artículo 297, segundo párrafo, del Código Penal, en concordancia con los artículos 99, 84, ordinal 3º y útlimo párrafo, ejusdem; DAÑOS A EDIFICIO, en concurso ideal con ATERRORIZAMIENTO DE LA POBLACIÓN, previsto en el artículo 344 tercer párrafo, del Código Penal; e INCENDIO EN EDIFICIO PUBLICO, en concurso ideal con ATERRORIZAMIENTO DE LA POBLACIÓN, previsto en el artículo 344, primer párrafo, del Código Penal”.​

    Readers will notice that the link to the sentence goes into archive.org. That's because most information about Helmeyer has disappeared from Venezuela's Supreme Court website, as noted by Setty. Everyone deserves a second chance. Trouble is Helmeyer didn't do the time. Only five years into his 30-year sentence he was pardoned by a powerful cell mate: Hugo Chavez. So this guy, involved in drug trafficking, terrorism, and shooting and throwing people from airplanes, is an authority in baseball, cars, movies, motor racing, football... if the crap being pumped by RaFa is to be believed. 

    RaFa's services don't end there though. The online reputation management services he provides also include DoS attacks, content creation, comment spam, link spam, editing Wikipedia, defaming critics, it's a one stop spamdexing shop for all positive and/or negative aspects of online presence. He's doing it for the Derwick boys (with his army of Twitter bots), for white collar thugs like Majed Khalil Majzoub, and others like Danilo Diaz Granados (arrested also with Helmeyer in connection to the bombings), and for "respectable" bankers, like this one.

    Despite claiming that he's a practicing Buddhist mindful of karma, RaFa does not seem to have a moral issue about lending his expertise to individuals of extremely dubious reputations, or to outright criminals (he's also a criminal after all). It's not an ethical hacker we're talking about here, more like a black hat hacker in fact, but this being Venezuela, where anything goes, and authorities fail to investigate and prosecute nearly all regular crimes, the ones in which RaFa and clients are involved in are way beyond the capacity of Venezuelan law enforcement bodies.

    In the current moral cesspit and utterly corrupt chavista milieu RaFa is actually thriving. These days he spends his time lecturing about IT, has got representatives drumming up business in the USA, and is negotiating directly with the chavista regime on behalf of Germany-owned Bundesdruckerei. This last gig has almost certainly given him access to the personal identification information of all Venezuelans (which he uses with total discretion). But ventures like Crowdflower should avoid being used for such reprehensible purposes. There's nothing wrong with online reputation management, but when this is done to obfuscate, to spread misinformation, to defame, and to make criminals look like angels, authorities in developed countries should take a look into the matter. Oh, and did I mention that despite lying to Setty about knowing me, RaFa didn't return my request for comment?

    UPDATE 30.12.2013: below the domains registered with email addresses associated with either Clean Perception or RaFa the hacker. The dates column refers to significant changes made to WHOIS records. This reverse WHOIS report cost me $299, so I would like to encourage readers to contribute with a donation.

    UPDATE 03.01.2014: the good folks at Google (they know who they are) paid heed to my warning about RaFa's questionable business practices, and the results can already be seen below. Search results from Google used to be very similar (if not equal) to those of Yahoo and Bing. See the difference now:

    Slider Image: