In the this post I am planning to discuss some of the steps you must follow when you find your company in the middle of a reputation crisis. Keep in mind that these rules are just valid for very big corporations and if you have to deal with personal matters you need to adhere to slightly different plan of action. I am going to write about this topic at the beginning of next week so keep following the site.

Those who are somehow involved in reputation management probably have already found lots of similarities with the medicine. Both industries operate with pretty much the same methodology when dealing with emergency issues and chronic disorders. They even use the same terms in order to easily describe what is wrong with the patient at the moment of examination. Personally, I find this very practical because it is simple for me to explain to my clients what I am about to do and to what extent their reputation health has been affected. The same lingo is applied to the recovery processes and the special diet the client must follow when the crisis is gone.

Perhaps the most important and the most difficult task in reputation management starts with the determination of a right diagnosis. There is a big difference between the real causes of the disease and the general symptoms a corporation faces. Your job is to identify the main roots of the problem and to provide a treatment of appropriate communication strategies which will help the you soothe the negative effects.

The intervention usually goes like this:

1. Company’s Diagnostics

The purpose of this stage is to identify the origin of the crisis and to what extent the corporate assets have been affected. In simple words you need to find answers how exactly your reputation/image has negatively changed over a particular amount of time and how much severe these losses are for you. There are a minimum of six points we definitely need to check up on.

Company’s structure

Spend time to revise the corporate operations. Are there any problems (technical, organizational,distributional, political or financial) in the implementation of your services or production? Are you able to keep all of your liabilities? Can you detect any security (IT or physical) breaches? Is there a lack of collaboration among the different internal departments?

Monitor all the media activities

Consider to deploy an online reputation management system, which will allow you to monitor all conversations on the Web related to your brand. It is also an excellent chance to gain better understanding of the relationship between user-generated content and traditional forms of online media, e.g news, print, etc. Most of the professional ORM frameworks give you the ability to follow the volume of negative publications and the types of messages that has been used to describe your products or services. Try to find out the initial source of every damaging speculation and who stands behind it.

Financial performance

Keep a good eye on the financial performance of the company. Especially on:

• sales
• overheads
• gross and operating profit margins
• return on sales, capital employees, total assets and equity
• interest payments
• pre-tax profit margin
• tax charge
• sales and profit per employee
• dividend policy
• cash flow

The reason I am recommending this is because you have to detect if there is any significant financial losses due to a bad corporate reputation. Usually most of the defamation attacks aim exactly the same – decrease in the market value and decline of the share prices. This could be achieved by spreading malicious rumors about the targeted organization which will cause some chaos between the major investors. Learn what economic terrorism is.

CEO/ opinion formers behavior and image

The CEO’s reputation, without any doubt, is one of the major factors in the overall corporate performance. Because of its enormous significance, his persona is an inevitable target of numerous reputation attacks and nasty domestic scenarios. Even if his name is not directly involved in a particular crisis, his behavior and opinion are the ones that really matter.

Competition

Once you realize the impact of your reputation losses you need to ask yourself who is going to benefit most from all of this. Keep a good eye on your competition and how they react on your own troubles. Do not spare any energy on business/competitive intelligence because this is the best time to track down any defamation attacks. If you detect some of this, maybe it is also a good time to consider taking some legal actions. Do that privately because whining about being a reputation victim usually have the opposite effect.

Stakeholders

What your stakeholders think about you is around 60% of your reputation. Be aware of any troubles that could possibly break the relationship between the organization and its audience. Try to predict their needs and how they are going to react to any important changes and decisions.

2. Plan your Actions

This is the second level of the reputation crisis management plan. It aims to design the basic strategy you need to follow when you try to tackle your corporate troubles. Once you know the right reasons for your intangible loss, the first thing you must do is to set up specific objectives of what do you want to achieve or to change in the current situation. This could be everything – your CEO’s image, the quality of you products or simply your stock market performance. When you finish this you have to concentrate on how you are going to do this. Remember that this is a very specific job and it must be executed by experienced reputation experts.

3. Implementation

This is the moment you need to put all of your reputation strategies into action. It could be very tricky and complex process, which implementation should be tested and be revised at any single level.

4. Feedback

It is proven that corporate reputation recovery usually takes around three and a half years. This is the time when you have to concentrate on improving your ORM system or investing in reputation security testing, which would help you to prepare better for future reputation threats and crisis situations.

Bottom Line

As you probably have already noticed the last three parts of the plan are very briefly described. The reason for this is because they are very subjective and depend on the specific needs of the crisis. The good news is that there is no reputation that can not be restored so keep reading behind the lines and explore every single opportunity that could turn your loss into profitable competitive value.

---
gnucitizen information security gigs part of the cutting-edge network:

• No active items found!
• GNUCITIZEN NETWORK

---
recent posts from the gnucitizen cutting-edge network:

The Making of Metagun
Automatic Vulnerability Screenshot Taking with Websecurify 0.7
Websecurify 0.7
ColdFusion directory traversal FAQ (CVE-2010-2861)
Websecurify 0.7RC2

Usually when we talk about Black PR (BPR) we refer to the ability to destroy our enemy’s identity and reputation. There are many approaches BPR practitioners can employ, but the basic aim in most cases remains one: to smash the basic relationship between the organization and its stakeholders. Of course the rules of the game change when we start thinking in terms of technology and more specifically the Web. Is there BRP on the Web? How does it differ from traditional black PR practices? And what about Web2.0?

When we start researching about the Web we indefinitely stumble across terms such as AJAX, Feeds and Social Networks, blogs, etc. These terms define a phenomenon known as Web2.0. The term Web2.0 was invented by O’Reilly media in 2003 as a marketing buzzword to define the new ways of developing and interacting with on-line applications. Web2.0 applications are better suited for information analysis. They are highly reusable and extremely useful when it comes down to get the job done. Fortunately or not, these very same technologies can also be used by black PR practitioners to reach the masses faster then ever before. Meet BPR2.0.

The means of BPR in the Web2.0 world are pretty much the same like the ones found in its older version. The only thing that has changed is the approach we have to undertake in order to handle the enormous volume of information. While in Web 1.0 the data was hard to be found, analysed and modified, today, this asset it is much more accessible and a lot more integrated. Simple fact: search engines query information more often then before and cached information sources never disappear. In the following article we are going to have a look at some Web2.0 technologies and see how they relate to the black public relation practices.

AJAX

AJAX stands for Asynchronous JavaScript and XML, and it is a new programming practice which pushes key-business logic from the Web server down to the Web client in order to provide better user interface and in general improved user experience. However, often developers push down too much causing information leaks to appear around the internal application logic. These leaks may often contain sensitive information which does not necessary are used for the purpose of the AJAX application but suits quite well hackers and BPR professionals. Once the information is obtained, and analyzed, it is then used for strategically placing black public relation campaign.

Feeds

Feeds, in a form of RSS (Rich Site Summary) or ATOM, the two most popular feed formats, are designed to automatically deliver content to the user. The approach here is rather different from the one seen in Web1.0 where the user needs to go to the specific website in order to get the information they are interested in. Due to their modularity and remixable nature, feeds are used to aggregate and re-distribute information.

Black PR professionals may take advantage of both RSS and ATOM by first locating key information and channels and then use them to redistribute the desired message. Once a carefully placed message is within circulation with important feed channels, it could potentially reach millions of users withing a couple of hours. This type of technology can be used to either spread forged messages in order to perform a BPR stunts or even quickly resolve a crisis situation.

Social Networks

Social Networks are all about Web2.0. In fact one of the key features of Web2.0 is the social element. Social Networks are probably one of the most powerful BPR tool since they can be used to spread messages resembling a viral effect.

Blogs and Splogs

Blogging, also know as citizen journalism is the 21st century media platform for delivering messages. However, be careful not to stumble across a splog. Splogs or spam blogs, are false, forged and artificially created blogs by software agents. Splogs are usually used to earn their owner some cache by abusing advertisement platforms such as Google Ad-Sense. However, once the abuse is identified the splog master account will be closed and purged from the network.

However, it is completely different story when it comes to BPR. Black public relation practitioners may employ the power of splogging to deliver a message across multiple platforms in a single go. The more splogs are employed the further the message will spread. The actual splog content will be dynamically generated out of completely legitimate blogs and the deadly BPR message will be embedded within the desired places.

Power tools

There are even power tools to enable even better and more successful and sophisticated BPR. Meet Maltego. Maltego is mega power tool which utilizes several social networks, search engines and information sources, such as the MIT PKI (Public Key Infrastructure) data to enable BPR professionals to extract and find links between entities in an easy to use and quite graphical way. Maltego can find links between e-mails, names, social profiles, locations, etc. Once the map is reveled the connection will be obvious. This tools is possible due to the high remixability and use of use Web2.0 provides.

Web2.0 is without any doubt the most innovative approach to technology. However, due to its flexibility, modularity and easy of use, it perfectly suits black public relation practices. The future is within the information, the single most valuable resource in the digital world. Black PR needs indefinite supply of it and Web2.0 is here to make this happen.

---
gnucitizen information security gigs part of the cutting-edge network:

• No active items found!
• GNUCITIZEN NETWORK

---
recent posts from the gnucitizen cutting-edge network:

The Making of Metagun
Automatic Vulnerability Screenshot Taking with Websecurify 0.7
Websecurify 0.7
ColdFusion directory traversal FAQ (CVE-2010-2861)
Websecurify 0.7RC2

There is a new widget that caught my eye the other day and I have been playing with it ever since. It’s called Tell-a-Friend and its general purpose is to help users to share any type of information without leaving the website where it is installed. Nothing new, you may say, but the point I want to make is that this tool actually enables visitors to access their friends with much greater speed and scope. So, instead of remembering all the contact details of your LinkedIn network, you can now spread your messages with less efforts and boring authentication requests. Convenient for ones, quite scary for others! Tell-a-Friend is a two-edged sword that can successfully build and destroy your reputation in a matter of minutes. Everything depends on the professional skills of both the black-hats and the reputation management consultants.

It is not a surprise that most of the serious PR agencies today design Word-of-Mouth (WOM) strategies as part of their promotion services. They are well aware of the power of peer-to-peer sharing and that most potential costumers heavily rely on the advice and the input of the people they trust. A professionally executed WOM campaign is hundreds of times more effective than any other advertising platform combined with the best communication tactics, especially when it can also help boosting the sales performance and corporate operational profit.

One of the most specific features of WOM marketing is that it barely relies on any substantial facts, but personal opinions. So, even if you read something about yourself on the Web that it is not entirely true, the measures you can take are pretty limited. It is almost impossible to start legal actions against a whole community, especially when the initial source of the rumor is hard to be identified. It is also quite stupid for a company to blame someone because of his personal believes and thus all marketing books share the opinion that customer is always right.

I will stop here. I think it is pointless to explain further the importance of Word-of-Mouth and its global impact on corporate reputations. However, I believe it is crucial to discuss its usage as rumor spreading accelerator and general defamation tool.

What makes Negative WOM so powerful?

It is proven that people trust negative information way more than any superlatives. If you hear something bad about someone, this is more likely to be remembered than the high volume of positive stories you can find about that very same person. The reason for this are the libel messages with their embellishing nature which causes the drama effect. This means that if you start a rumor about something,,at the end of the day it will sound totally different from its initial form. In fact, every time when somebody repeats the story, the impact will be much bigger and stronger over the target audience. None of the other communication tools enable you to do that.

The other thing I would like to mention is the tempo, with which viral messages could be disseminated. This is extremely important for every defamation campaign , because it disables the target to react promptly on existing reputation attacks. If the target delays its official respond or fail to give a reasonable explanation of the buzz (with enough number of facts), then the allegations will be subconsciously confirmed by the audience. Moreover, this delay may actually help the rumors to spread even more and this is how the target’s reputation can be permanently damaged.

In conclusion, I can only say that most of the big corporations tend to underestimate the power of negative communication. They are willing to spend enormous amount of money for creating a positive buzz, but not fighting the negative one. In short term perspective, this may look reasonable, but keep in mind that there will always be someone that doesn’t like your product and will try everything to take you down. As I always say, it is up to you to decide whether this is going to happen.

---
gnucitizen information security gigs part of the cutting-edge network:

• No active items found!
• GNUCITIZEN NETWORK

---
recent posts from the gnucitizen cutting-edge network:

The Making of Metagun
Automatic Vulnerability Screenshot Taking with Websecurify 0.7
Websecurify 0.7
ColdFusion directory traversal FAQ (CVE-2010-2861)
Websecurify 0.7RC2

There is a big dispute over the PR community whether or not, the Black PR strategies are entirely based on lies and deception. Well, the truth is that no one can estimate for sure how many of them are actually made of false statements and imaginative facts, but there is a huge difference between professionally made smear campaigns and those which happen to have completely incidental outcomes. In fact, when referring to common defamation techniques I can clearly distinct a contrast between professional terms such as libel, slander and black public relations, although their basic meaning remains pretty much the same – crushing someone’s reputation.

The main objectives of BPR tactics are to find the dirty secrets of the target and turn them against it in a profound communication campaign. This is actually composed of the two key stages of any smear strategy, starting with an extensive information gathering and an internal corporate investigation. The approaches that could be used here vary both ethically and skillfully and depends mainly on the type of a target you are aiming at. This means that if someone needs to do a Black PR, s/he can always choose whether or not to stick on the right side of the law. For example if you are really good at any kind of research or competitive intelligence, there is nothing wrong of widely exposing the unpleasant truth about your target, especially when this is in a common public interest. But, if you maliciously crack into the corporate networks of the victim or perform a little social engineering, the story seems totally different . Keep also in mind that once you get access to the internal systems of a company , you can do almost anything that comes in mind – including deleting important data, transforming digits and text or even mess with the control of critical operations.

The other stage of Black PR comes when the collected information is being used after as a part of a detailed strategical planning. The idea behind this is simple – to project a negative image of the target, by using the gathered date and experience. Actually the rules of building and harming a reputation are very similar and once you know how to protect one, it is very easy to master its destruction. Whichever way you choose to pitch your messages, by using your own media contacts or having time to think about safer communication channels, make sure that your are not lying to the audience, by giving the correct facts and enough reliable sources.

Black PR has many other dimensions and tools of cracking personal/corporate reputations. For example, instead of a dirt hunting, many professionals now-a-days are focused on finding multiple ways to challenge the relationship between the company, the target, and its stakeholders, employees, investors, suppliers and so on. This is a very vast topic, so I promise to concentrate on this some other time.

Disclaimer: I think now is the right time to clarify that Spin Hunters as a commercial entity does not perform Black PR attacks. Instead we are trying to prevent them by executing series of internal test, aiming to disclose all vulnerabilities that affect the client’s reputation security.

---
gnucitizen information security gigs part of the cutting-edge network:

• No active items found!
• GNUCITIZEN NETWORK

---
recent posts from the gnucitizen cutting-edge network:

The Making of Metagun
Automatic Vulnerability Screenshot Taking with Websecurify 0.7
Websecurify 0.7
ColdFusion directory traversal FAQ (CVE-2010-2861)
Websecurify 0.7RC2

In today’s volatile market the biggest threat that a corporation could face is losing its permanent contracts. The slowing economy is putting extra pressure on the sales departments, seeking millions of ways to uphold a basic financial stability. They have to stretch their creativity and skill sets to maximum degrees in order to keep the corporate liabilities and active workload forces.

Getting a new client is a tough job, especially when the whole market is at a complete standstill. Everyone waits, calculates opportunities and cuts down unnecessary expenses. The only way to survive is through fierce competition. As Doug Leone recently highlighted at the latest CEO’s Sequoia Meeting (via Lance Weatherby blog), companies should take at least one of the following steps:

• Getting another round if you’re not profitable will be rough.
• Do everything possible to get to cash flow positive. Now.
• Nail your Sales and Marketing message.
• Pound your competitors shortcomings. They’re hurting and they will be quiet. Take the offensive.
• In a downturn, aggressive PR and Communications strategy is key.

I couldn’t agree more.

Having a good reputation is probably the strongest competitive advantage and as such it is often a target of numerous attacks. It is also closely related to the financial performance of the company and affects its long-term future. Many of the organizations today are unable (or unwilling) to invest in major communication programs and therefore prefer to spare energy on defaming the enemy. It is much more effective and cheaper than paying for special reputation building initiatives. You don’t believe? Just check the number of hits that turn in Google when searching for things such as black pr and smear tactics. The number increase every day and this is one of the proofs of a strong market demand. You can even find PR executives on the black market for 500$ a day, much less than hiring a professional reputation management consultancy. Don’t you think? What is really scary is that the chances to get caught of acting illegally are pretty low and if the job is performed professionally it wouldn’t be even detected at all.

What are the alternatives?

Instead of spending millions on different management strategies , you can bet on reputation security testing. Although it is still not very popular as a discipline, Reputation Security is a good decision when you are trying to check up the effectiveness of your corporate communication. Its sole goal is to provide awareness of pending reputation vulnerabilities and to show how they could be exploited by the black-hats. The scope of the tests is vast, from network/application security assessments to employees dedication or media collaboration during times of a crisis. This is a good opportunity to find out which of the corporate stakeholders are more susceptible of reputation attacks and have bigger leverage over shaping the public opinion.

Remember: Black PR is all about finding the dirty secrets of the target. If you don’t want to find yourself in a position to justify your sins, then try to correct them before they become public awareness. If this is impossible – prepare a plan that you can follow when the crisis occurs.

---
gnucitizen information security gigs part of the cutting-edge network:

• No active items found!
• GNUCITIZEN NETWORK

---
recent posts from the gnucitizen cutting-edge network:

The Making of Metagun
Automatic Vulnerability Screenshot Taking with Websecurify 0.7
Websecurify 0.7
ColdFusion directory traversal FAQ (CVE-2010-2861)
Websecurify 0.7RC2

Ask any reputation strategist and he will tell you that the most vulnerable asset of any corporation is its very own leader. Actually CEO’s reputation represent around 49%-65% of overall corporate reputation and thus it is inevitable part of numerous Black PR scenarios. The reason for this is because it requires much less efforts and time to defame a person, than to concentrate on the disparagement of an entire organization.

The objectives of the smear campaigns, on the other hand, could also be different. Usually there are two simple goals behind every reputation attack. The first one is directed at the personal qualities of the target and it aims his official resignation. Most of the time these types of attacks come from inside the company and are used when the leader is no longer suitable for the general corporate performance. It is also very convenient when he/she cannot be dismissed directly or is a great obstacle for someone’s interest. The second reason for CEO defamation is when the black- hats are trying to distract the attention of the industry’s stakeholders or are aiming to cause extra troubles for the organization. It is not a surprise that this is a very common situation during important events like new product launching or some forthcoming acquisitions.

Due to the high volume of recent reputation attacks, I tried to summarize the most common malicious scenarios that CEO’s could be involved in. Of course, there are a lot more scenarios than those that I have listed. Keep in mind that everything depends on the creativity of the attacker. The golden rule here is that the more uncommon the plan is, the more effective the results would be.

1. Sexual Harassment – This is the most popular type of attack that a leader could face. It is quite easy to be proved and works almost every time. All you need to do is to find a suitable victim, sufficient evidences and a tabloid editor, willing to pay enough for the story. Once the scandal is triggered, you can just sit down and relax.
2. Hypocrisy – The point here is to reveal a discrepancy between leader’s official attitude and his actual deeds. The latest example is the Sara Palin fashion affair. The problem there was not that she likes to wear very expensive, designer clothes, but the fact she is not a regular American girl as she had been trying to portray herself.
3. Membership of controversial groups – This is a really powerful approach. If you can prove that the CEO is a part of a mob gang, religious cult or secret society, than his media crucifixion will be certain. The corporate long term strategies will also be affected.
4. Professional Incompetence – if the leader is incapable of making good decisions and taking responsibilities of his action , then the quality of the corporate services will be put under a serious suspicion. This is pretty scary for most of the B2B type of companies.
5. Misuse of corporate resources (Embezzlement) – Financial wrongdoing and unethical behavior are probably the most significant threats to every corporate reputation.Such is the case with the Deyaar’s ex-CEO, Zack Shahin, who was suspected of embezzling over $33 millions into his personal accounts. The scandal broke earlier this year and let to his immediate discharge as the head of the biggest property developer in Dubai. According to the Gulf media sources, the company is still trying to recover its tarnished reputation and to regain the trust of its shareholders.

I want to clarify that the person who was accused of embezzling Deyaar Development’ resources is Zack Shahin , not Nasser Al-Shaikh as was stated earlier before. Mr. Al-Shekih is the current Chairman of the company and The General Director of Dubai Department of Finance. Spin Hunters apologies for any inconvenience we might caused with this post.

6. Indictment – When it comes to CEO’s reputation, ethical conduct is always on the top. Bernard Ebbers, the former CEO of WorldCom, learned that the hard way when he was indicted on federal charges stemming from the multi-billion dollar accounting fraud at the telecommunications giant. He was also charged of conspiracy and false filing with the Securities Exchange Commission. Today he is serving his sentence at the FCI Oakdale.
7. Personality and Lifestyle – The main goal of the attacker here is to reveal all the dirty secrets of the target that are not publicly known. If the leader is a drug addict, a racist or a homosexual and this type of an image is in total clash with the position he takes, then not only the reputation of the organization, he is associated with, will suffer but also the reputation of the entire industry itself.

Bottom Line: CEO’s reputation will always be a target of professional smear campaigns. The best thing CEOs can do is to be completely honest and sincere with his PR strategic team, as this is the only way to tackle all pending reputation risks.

---
gnucitizen information security gigs part of the cutting-edge network:

• No active items found!
• GNUCITIZEN NETWORK

---
recent posts from the gnucitizen cutting-edge network:

The Making of Metagun
Automatic Vulnerability Screenshot Taking with Websecurify 0.7
Websecurify 0.7
ColdFusion directory traversal FAQ (CVE-2010-2861)
Websecurify 0.7RC2

The year – 1993; the players: British Airways and Virgin Atlantic; the characters: Lord King and sir Richard Branson; the beauty: Heathrow Airport; the weapons: the whole arsenal of BPR!

Well, this is not the Trojan War, but its plot became as epical as those of ancient Sparta. Although the script was written more than ten years ago, the communication politics of British Airways is probably one of the most popular and honest examples of how the big ones actually compete with each other.

The story starts here: In 1991 the British Government made the decision to let Virgin Atlantic fly into Heathrow by abolishing “The London Air Traffic Distribution Rules” despite facing mounting opposition from British Airways, whose senior management was exerting pressure on the Government to maintain the status quo. The situation became even more critical with the decision of Malcolm Rifkind (the former secretary of State of Transport) to allow VA to have two extra flights to Tokyo. By estimation of Lord King, which he detailed in the Guardian, that decision would cost around £ 250 million, a year in lost revenue, which would go straight into Richard Bransons back pocket. All of this became the main trigger for BA’s so called “dirty tricks” campaign that could be divided into six different sections – press campaign, spoiling tactics, private investigators, engineering matters, dirty tricks and sales and marketing.

As every other war, BA relied on the establishment of a special internal team, aiming to discredit Virgin’s reputation. The staff in BA sensitive areas were briefed on anti-trust laws and how to respond to sensitive information , involving their rivals. The management also had ordered the shredding of documents relating to Virgin. Their other task was to gather as much information about Virgin as possible. This included flight information, the number of passengers booked on flight, the actual number of passengers who went on board the aircraft, the mix between upper class and economy and departure times. The research conducted by BA didn’t stop there. Brian Basham was involved with the creation of a special report, revealing the strengths and weaknesses of Virgin and its chairman. According to the paper , there were two things which could really drag Branson down. One of them is his physical courage ( his ballooning passion for example), which could put him into a major risk. Let’s not forget one of the main rules of Black PR, which says What leads the leader into danger, leads the business into danger too. So if something tragic happened to him, the whole business would collapse , because in this case it is his charm and magic that pulls the cash into business;

The next thing which Basham mentioned is the possible “moral threat”. There were many rumours at that time that Branson’s bar “Heaven” is a traffic palce for many drug dealers and prostitutes. The aim of British airways was to expose this information in the newspapers and thus harm their rival’s identity and the way they run their operations. They were also trying to create a buzz over the financial weakness , facing Virgin Atlantic at that time. Lloyd’s was trying to pull its loans out because of Virgin’s inability to pay its interests on time. But this wasn’t strong enough. Brian Basham was hoping to pitch to the financial editors another disturbing story. It was about VA having to pay for its fuel in cash because of a low credit rating. This was the sort of rumour that would cause the most damage to Virgin and probably lead to Shell (their fuel supplier) demanding cash for fuel and that in turn would put them out of business due to its own momentum. The aim of BA was pretty clear. Fuel represents over 20 per cent of VA costs and without the cash-flow credit which comes form the passengers paying for their tickets upfront and them paying for the fuel a month later, Branson had to take out a further loan which no bank would countenance. Fortunately for him Shell denied this information and the company had been saved one more time.

Using media relations was not the only part of BA strategy. In the summer of 1988 , British Airways was engaged with the technical maintenance of Virgin’s 747s . BA engineers had failed to spot a crack in a pylon, the link between the engine and the wing. Eventually a new pylon had to be ordered and the plane was put out of service. To top it all, BA refused to let Virgin have one of their spare aircraft to replace their 747. The situation became even worse: the spare part wasn’t available ; there was another delay; the plane lost its space at the hangar; then the engineers weren’t available; and so the saga went on. All in all, Virgin’s 747 was grounded for sixteen days in August, the busiest time of the year. The response of BA senior management to Richard Branson was “That’s one of the perils of being in aviation business. If you’d stuck to popular music you wouldn’t have had this problem . No we won’t lend you a plane”

The most crucial moment came when a couple of Virgin clients had been contacted by BA officers, pretending to be from their rival firm. What they did was basically persuade them to switch to the other company. The motives were different each time- the flight was overbooked, none smoking seats were full, the flight was delayed. After that, they were offering them other available flights with BA at a lower cost. The other approach was to call their own clients , who had been changing their regular BA flights with those of Virgin and asked them for the reason for their conversion. The major problem here is not that they don’t have the rights to do such a survey but how they possibly got such sensitive and confidential information about their competitor’s clients such as home numbers, frequently of flights , personal details and many other facts. Actually this was and the most crucial moment of the whole process, giving the advantage of Virgin to win the trial against BA (which was faced with a legal bill of up to £3m, damages to Branson of £500,000 and a further £110,000 to his airline )

Well many of you probably think why I am writing this post now, especially in a time when Virgin is facing much more major problems. I believe that BA affair has several valuable lessons to teach . The first one is that Black PR is real and is out there. Obviously British Airways has failed to implement a successful campaign, but there are so many others organisations which remain unknown regarding their own dark practices. I read somewhere that every six of the cases in Crisis PR is due to deliberate actions taken by the side of competitions. Secondly, most of the companies refuse to consider the crisis in more global context and do not have the right attitude to spot the attacks. Finally it raises questions about how the new technologies and Web 2.0 have changed the way the attacks operate and whether or not the international competition law has enough power to stop them.

---
gnucitizen information security gigs part of the cutting-edge network:

• No active items found!
• GNUCITIZEN NETWORK

---
recent posts from the gnucitizen cutting-edge network:

The Making of Metagun
Automatic Vulnerability Screenshot Taking with Websecurify 0.7
Websecurify 0.7
ColdFusion directory traversal FAQ (CVE-2010-2861)
Websecurify 0.7RC2

As you probably have already heard, Barack Obama recently launched a brand new sub-domain, aiming to tackle false information throughout the Web. As far as I know, this is the one of the first mature attempts in the field of politics to wage an official war against political smear campaigns. Unfortunately, the release of the site was a bit late, since the Internet is already stuffed with numerous negative allegations and rumors about both presidential candidates. Furthermore, it seems that both teams have been underestimating the potentials of destructive identity attacks and instead of sensibly investing in reputation security, now they are forced to spend some precious time (and even more money) in crisis management activities. And when it comes to this , usually the situation is already out of control.

I was really tempted to write about all these election affairs a long time ago, but somehow I have always refused to do so, waiting for more details to come out. I didn’t want to repeat all of the news you already know or comment over something that I do not have a personal access to investigate. Anyway, things have changed and I am quite annoyed for several reason, which I am going to outline bellow:

First of all, I am annoyed of the common attitude towards slander technologies. As I’ve already stated in my previous post there is a huge difference when you deal with false information and the truth. I believe that Obama’s team puts too much effort in refuting the fabricated facts and failed to detect the other types of reputation attacks.

Secondly, it is the way election race is presented in the media. It’s funny how Americans always tend to simplify the political situation by dividing the groups of black-hats and white-hats. I know this is a regular approach in public affairs , but come on, in US this is way too overused. My point here is that political smear campaigns are not necessarily related to the opposition of the affected party. I know that it is easier and quite handy to blame the competition , but most of the time behind the deliberate Black PR attacks stay many other financial interests, which could be coming even form your own political group ( remember the case with Hilary Clinton) . Whatever the source is, it it extremely important to have a substantial proof, before accusing someone of intentional defamation. Fight the smears indeed provides many names, but if you have a closer look you will realize that none of them are actually related to the posted allegations.

The last other thing which I am annoyed of is that there are many negative stories that have appeared online and still haven’t been considered as smear attacks. Take Lary Sinclair for instance. This is the man, who is claiming that he had a sexual relationship with Obama not so long time ago. Just the fact that his name is missing form the actual list on the website is a silent confirmation that this information could possibly be true. So , if you are trying to clean your name, just make sure to tackle all of the discrediting rumors that someone could possibly find about you . This means that Obama’s reputation advisers should also spend some more time on refuting claims about his drug addiction, the allegations that he will be a weak lider during a potential war, racism and the Jewish whispering affair.

---
gnucitizen information security gigs part of the cutting-edge network:

• No active items found!
• GNUCITIZEN NETWORK

---
recent posts from the gnucitizen cutting-edge network:

The Making of Metagun
Automatic Vulnerability Screenshot Taking with Websecurify 0.7
Websecurify 0.7
ColdFusion directory traversal FAQ (CVE-2010-2861)
Websecurify 0.7RC2

In the mood of the upcoming Christmas feasts, here are our tips of how to stay corporate fit during the season. As you know, during this time of the year most companies are quite busy with the execution of various sales campaigns or are rushing to close important deals right before New Year’s Eve. Christmas also means lots of parties, reunions and gatherings. However that urge for having a fresh start sometimes cost millions to the organizations as they tend to neglect their competitors and therefore easily become victims of lethal reputation attacks. While many attribute the cause for this as an excessive preoccupation during the holidays, much of the Black PR cases are due to the carelessness of managers to assess security threats and their actual frequency. CEOs also foolishly underestimate the objectives of negative campaigning and refuse to believe that someone will ever dare to affect their flawless corporate systems.

I don’t think is even worth mentioning it here how idiotic approach this is and to be honest many organizations deserve their own reputation misery. So instead of spending quality time with friends and families, many employees end up the year setting crisis teams and fighting bad publicity. Sounds like lots of fun, isn’t it?

What is the healthy diet?

First of all, I think it is very important for corporations to understand the power of a good reputation. Although it is not something that you can touch and hold in your hands, having a good name (personal or a brand) is the only thing that matters at the end of the day. It affects not only your annual financial reports, but also it gives you a competitive edge and a whole new meaning of your marketing strategies, internal relations and in general sales performance. Companies with strong reputation are more likely to recover from severe crises, than the ones with inconstant behavior and negative image.

Secondly, there is a common misunderstanding which I want to clarify. Usually when PRs talk about reputation, they tend to refer to it as good or bad one. The truth is that the reputation of an organization can be much more colorful as it can take many different shapes or sizes. Keep also in mind that the corporate image means different things for the different stakeholder groups, such as employees, suppliers, shareholders and the media. It is vitally important to keep the balance between them as you risk to put yourself in a very untrustworthy position.

The size always matters

There is no big or small reputation. It is all relative. Companies with big reputations are those with a greater popularity among the general public. This s the case with Body Shop. Everyone think of Body Shop as a company that is deeply concerned with the environment, fair trading and biologically clean products. This is something that nobody doubts or dare to counter.

Organizations with small reputations are those that fail to established any strong images in the minds of the audience. Usually those are start-ups or corporations with controversial past and lack of political protections. Even worse – firms with no individuality and international media presence.

The question here is what will happen when these two types of reputation collide. Obviously it will be much easier for a bigger organization to smash down the smaller one. It has wider network of connections, more money and better PR team. The smaller competitor won’t even noticed that they are being a victim of Black PR campaign or even if they do, nobody will believe them or even want to invest in an entity without any market future.

However if a start-up succeeds in the defamation of a bigger company, it will automatically position itself as better consumer alternative and even secure its own market place. This opportunity is especially seductive for the retail industry. The only difficult thing here is the creating of an effective Black PR strategy and a new marketing plan for after that.

So, take the tape measure and prepare for the upcoming festivals!

---
gnucitizen information security gigs part of the cutting-edge network:

• No active items found!
• GNUCITIZEN NETWORK

---
recent posts from the gnucitizen cutting-edge network:

The Making of Metagun
Automatic Vulnerability Screenshot Taking with Websecurify 0.7
Websecurify 0.7
ColdFusion directory traversal FAQ (CVE-2010-2861)
Websecurify 0.7RC2

There is a new reputation term I stumbled across yesterday (via Authenticorganizations blog) so I thought it is worth discussing it. It is called collateral reputation damage and the idea behind it is that some companies could be incidentally defamed, just by having random similarities with another, less respectable organizations or individuals. According to the author:

The collateral damage, (is) not intentional damage, because the folks taking action don’t intend to damage the organization’s reputation. Instead, the damage occurs through guilt by association

How does it work?

The most popular example of collateral damage is when two similar names (let’s refer to them as A and B) are being negatively associated with each other. Usually there is no any relevant connection between them, except their names, nicknames, corporate symbols or initials. Visual resemblance is also possible. The only requirement here is one of the subjects (let’s say A) to have an established bad reputation in people’s minds. So, every time when people hear about the other one, B, they will subconsciously associate it with the negative qualities and characteristics of A. Fortunately, this works only for a very short period of time. However, it could be really damaging only if A is in the middle of a corporate/personal scandal.

This is what happened with Sarah Pailn and the Chiliean wine Palin Syrah. According to Chris Tavelli (a wine bar owner), Palin Sayrah was one of the best selling wines in his pub before her nomination as a Republican V.P. People were constantly put off of its low price and questionable quality.

How the affected party should react?

Well, there is no a straightforward answer really. Everything depends on the specific situation and whether the affected organization is willing to take any further steps to rebuild its reputation. The main point here is the harmed company or the individual must distant itself from the one with a bad image and make sure to demonstrate different corporate values. If the company publicly complains about its reputation loss and provide enough evidences about it, such as significant financial drops, then it has the real chance to increase its popularity, find new markets or even entirely re-position itself. As I always say, it all depends on the abilities of finding an opportunity in the crisis.

---
gnucitizen information security gigs part of the cutting-edge network:

• No active items found!
• GNUCITIZEN NETWORK

---
recent posts from the gnucitizen cutting-edge network:

The Making of Metagun
Automatic Vulnerability Screenshot Taking with Websecurify 0.7
Websecurify 0.7
ColdFusion directory traversal FAQ (CVE-2010-2861)
Websecurify 0.7RC2