Investigations: Boston.com Uses Its Noodle

by Eva Medoff

Boston Magazine – May 2009

As crises go, it has to rank low on the list of those the Globe has faced this year. But considering that the Internet is, as they say, the future, hackers fiddling around with Boston.com isn't exactly a matter to be taken lightly, either.

The caper in question began last fall, when the site's readers appeared to become captivated by visions of warm, comforting noodle kugel. For more than four months after being published online on September 24, a recipe dubbed "Prize-winning noodle kugel" hovered at the top of Boston.com's "Most e-mailed" list on a near-daily basis. With 5,000-plus e-mails in one month alone, the recipe held its own against a presidential election, a global market crash, and even the Yankees snatching Mark Teixeira away from the Sox. Observant Boston.com users were bewildered. Could the traditional Jewish casserole be this compelling?

Not quite. "I have sad news to report," says Boston.com editor Dave Beard. "Kugel mania has not swept New England." Turns out, the recipe's overwhelming popularity was likely due to a spamming scheme Boston.com has seen before: Hackers finagle their way onto the site, attach ads to the e-mail version of a story, and start sending it out to as many people as possible. In the case of this particular item, hackers may have surmised that the unusual subject line (and perhaps the awesome allure of kugel itself?) would prove an especially powerful incentive to open the e-mail and, thus, view the ads.

Having finally booted the story from their "Most e-mailed" list in February, Boston.com technicians are working on tightening the site's code to prevent future problems. "We've been playing a sort of cat-and-mouse game over this," says Beard, adding that he "wouldn't be surprised to see another try."

The tricky thing is, it's almost impossible to tell if there's malfeasance at work when an article surges in popularity. A home-repair story about basements—bearing the less-than-flashy headline "Basement"—reigned near the top of the Boston.com "Most e-mailed" list for a suspicious duration last year. But who knows? It could have been legitimately engrossing. The 1,100 times readers e-mailed "Happy National Puppy Day" in March may be a sign of hacking, or simply indicate that people like cute canines. When another recipe, this one for "Raise-the-roof sweet potato vegetable lasagna," charged onto the list this spring, Beard was reluctant to call it foul play, but wouldn't rule it out. "Well, ask me in a month if it's still there," he says.

Boston.com staffers declined to delve into specifics on how they're fighting the hackers. But Jeffery Lauria, technology director at Boston-based computer consulting service iCorps Technologies, notes that maintaining security for a heavily trafficked site like Boston.com is a full-time job. "Because it is so high-profile, it's really a target," he says. "You have to be vigilant."

After all, next time the damage might not be limited to a flood of kugel e-mails. It could be something altogether more insidious. Like, say, instructions for making gefilte fish.