Story: Page Jacking and Mouse Trapping, 12/8/99.

Page Jacking and Mouse Trapping

(December 8, 1999) In September the Federal Trade Commission obtained an injunction against an Internet porn ring that was running a deceptive scam that the FTC labeled as "page jacking and mouse trapping". That operation has been stopped, and so far, no one else has duplicated it. However, Geocities filed a complaint in federal court last week against a defendant engaged in a milder form of "mouse trapping."

"Page jacking" is a scam that utilizes the technologies of the Internet to deceptively generate traffic to a web site.

The perpetrator copies the source code of other people's legitimate web pages, and puts these copies on its own server, with its own URL. The perpetrator then adds a redirect JavaScript to the "jacked" page which includes a second URL for another web site run by the perpetrator -- the one being promoted. Thus, when someone requests the URL of the stolen page, their browser displays a different page.

The redirect code is simple, and would look something like this:

<script language="JavaScript"> window.location="http://www.redirect_url.com/" </script>

The purloined pages are then indexed automatically by search engines, such as Yahoo! and Alta Vista. The search engines index these pages just as the originals -- but with the URL of the stolen page. Web users who conduct searches through these search engines find and click through to these "page jacked" pages, thinking that they are going to the original legitimate web page. Instead, they get the site specified in the redirect script.

With "mouse trapping," a web site operator adds JavaScripts to the pages which cause more of that web site's pages to be displayed when the user clicks the browser's back or close buttons. From the perspective of the user, this keeps him from leaving the website.

When the two practices -- page jacking and mouse trapping -- are combined, the consequence is that a web site operator can deceptively generate huge volumes of traffic to a web site, and then cause the web users who were tricked into entering the web site to unwillingly view a large number of pages.

This practice could be an ideal strategy for disreputable marketers. However, it is deceptive, and causes injuries.

In the case brought by the Federal Trade Commission (FTC) in September, the defendants were part of a pornography ring. Hence, the injuries were extensive. For example, the defendants "page jacked" pages from a game site frequented by children. Children seeking game web sites got into porn sites instead. Also, the legitimate web site operators whose web pages were "jacked" suffered from lost traffic, due to the diversion, as well as users' association of their sites with pornography.

See, FTC v. Pereira, U.S. District Court Case No. 99-1367, filed on September 14, 1999. The Court issued its Preliminary Injunction on September 21, 1999. None of the defendants, or any attorney, has filed any appearance or pleading. The FTC is in the process of taking depositions in the United States of persons who may have relevant information.

There is also a parallel action in Australia, where some of the defendants are located, which is being handled by the Australian Competition and Consumer Commission (ACCC).

The FTC plead in its complaint that these practices could "impair the growth of the Internet as a commercial medium."

Judge Claude Hilton apparently agreed, and promptly issued a temporary restraining order, and then a preliminary injunction, which enjoined the defendants, and ordered domain name registrars to suspend registration of all domain names of the defendants.

The FTC then generated all the publicity of the scam and injunction that its Consumer Protection Bureau and press office could muster.

Now it appears that the FTC's action has not only shut down the defendants in this case, but had a deterrent effect on others.

Tech Law Journal spoke with several of the FTC people involved with the case on December 3 and 6. The FTC's Paul Luehr stated that "our purpose in bringing this civil action was to nip this type of high tech fraud in the bud."

"We have not had any other reports of page jacking or mouse trapping by these defendants," said Luehr.

"Fortunately, we have not seen this kind of page jacking and mouse trapping occur in the marketplace," added Luehr. "I am pretty sure that we would have heard about it."

However, while the type of large scale, brazen scam run by the defendants in the FTC's case has not been duplicated, lesser forms of deception continue to take place. Web site operators continue to register domain names that correspond to, or mimick, the names or products of other companies or entities.

The most famous such deception is perhaps the porn site which registered the domain whitehouse.com. Web users who intend to visit the domain whitehouse.gov (the web site of the Clinton/Gore administration), but who instead mistakenly type whitehouse.com, get to a porn site.

This practice, sometimes called "cybersquatting," can deceptively generate traffic to a web site.

See, GeoCities v. Babenet, Ltd., Case No. 99-1821, U.S. District Court, E.D. Virginia, Alexandria, filed December 1, 1999.

Also, "mouse trapping" is employed by web site operators. Geocities, the free web site hosting company (now a subsidiary of Yahoo!), filed a complaint in U.S. District Court in Alexandria on December 1 which alleges "mouse trapping". However, the seven claims for relief focus primarily on the Defendant's use of a domain name very similar to Plaintiff's trademarked name.

The complaint pleads seven causes of action: trademark infringement, under both section 32(a)(1) and 43(a), trademark dilution under section 43(c), unfair competition comprising false and misleading statements under section 43(c), unfair competition and deception advertising under Virginia law, and trademark infringement under common law.

The plaintiff's complaint in Geocities v. Babenet does not allege that the defendant engaged in "page jacking". Nor does it allege facts similar to the facts presented by the FTC in FTC v. Pereira. Rather, the complaint alleges merely that the defendant registered and uses a domain name very similar to Geocities, to wit, Geotitties. The use of this domain name, the complaint alleges, is "meant to deceive the public into visiting their hard-core pornography website." (Paragraph 76.)

Geocities' complaint does allege that the defendant engaged in mouse trapping:

"Once at "geotitties.com," if users try to get out of the site by clicking the "back" or "exit" buttons on the Internet browser, the browser automatically opens several new windows displaying banner advertisements for other pornographic sites, some of which include bestiality. This tactic has been referred to as "mousetrapping," where a user may have to shut down the entire computer in order to stop the web browser's windows from continuously opening and loading various pornographic links and images." (Paragraph 37.)

The FTC's Don Blumenthal, an attorney specializing in the technical aspects of consumer protection on the Internet, points out that while some people describe "mouse trapping" as "disabling the browser's back button," technically this is not the case. The back button works even if "mouse trapping" is in effect: It just does not appear that way to the user.

For example, one way to "mouse trap" is to insert in a web page's source code a JavaScript which employs the event handler onUnload, in connection with an instruction to open a new window, and the URL for the web page to go into that new window.

When a user clicks on the browser's back button, he is instructing that browser window to unload the current page, and reload the previous page. This method of mouse trapping does not interfere with the back button, or disable it. Moreover, the previous page still loads in the original browser window. However, the JavaScript can instruct the browser to open up an additional (or multiple additional) browser window(s). The JavaScript also specifies the URL of the page(s) to appear in the additional window(s). The JavaScript can even specify the width and height of the additional window(s).

So, with this sort of JavaScript embedded in a web page, when a user hits the back button, the original window unloads the web page, and reloads that window's previously viewed page. But, a new browser window is displayed and superimposed over the top of it with a different page in it. Moreover, if the new browser window is set to fill the entire screen, it may look to the user like the back button is not functioning.

But, it does not stop there. The page that is loaded in the second browser window can also contain a script which causes the browser to open yet another window when it is unloaded. The chain can go on indefinitely.

In the Geocities case, the number of windows that must be closed before the "mouse trap" is exited is smaller than was the case in FTC v. Pereira. Also, in the Geocities case the size of the windows are smaller than the monitor screen, thus making it apparent to the user that he is being subjected to a series of new windows.

Paul Luehr asks that if anyone is aware of a page jacking and mouse trapping scam, they can report it to the FTC by going to its web site at www.ftc.gov, and then clicking on complaint, or phone the FTC's toll free number, 877-FTC-HELP.

How the Scam Works, 9/24/99.