Amateur cons fall victim to an epic prank after stealing from Zen Arbitrage
What follows is the true story about how “Textbook Money” stole our data, and how we royally conned them in the process.
In this article:
- How thieves tried to steal data from Zen Arbitrage.
- Exposing the culprits as Textbook Money.
- How we flooded Textbook Money with bad data.
- Interview on this stunt with Zen Arbitrage’s developer.
- Announcement on a new trade-in credit tool.
- Special offer for all Textbook Money customers.
Several months ago, the lead developer at Zen Arbitrage noticed some unusual activity among users. One of our subscribers was logging a highly unusual number of searches of our book database.
It was quickly determined the activity was the work not of a human, but a “screen scraping” bot. These bots are created by hackers to mimic human behavior, including “clicking” and “scrolling” behind website paywalls to steal data.
It was clear this unusual activity was the work of a bot that was stealing our data.
What were the hackers after?
The theory was simple: Our data. There’s money in data, and Zen Arbitrage has the best.
For the uninitiated, Zen Arbitrage is my online book sourcing tool, which has a database of over 21 million books. It includes lucrative data such as textbook trade-in value, sales rank, ISBN info, and more.
Also in our database is data no one else has, including six month average sales rank, a textbook-only database, another database containing thousands of books with book arbitrage / resale value, and more.
The timing of the hack (or its second wave, as I’ll explain) coincided with a massive overhaul of our database and data harvesting. To put it simply, we expanded our database and the rate at which we refresh the data, making our already exceptional database even more appetizing to hackers.
If your online arbitrage database is complete garbage, you’ll definitely want to copy, infiltrate, or otherwise beat down the door of Zen Arbitrage.
Our lead developer is 3 parts genius and 1 part prankster, so rather than block bots, he does something even better: Feeds them a mountain of garbage data.
While the bot was requesting data about books on Amazon, such as ISBNs, average sales rank, and trade-in value, what it got was completely useless but appeared accurate: books with incorrect values, inaccurate ISBNs, and totally fake trade-in values.
“Hackers get hacked.” That’s our motto.
The hackers expose themselves
After a few months of that, the thieves made two fatal mistakes.
First, they tripled their requests. This caused page load time for Zen Arbitrage to slow, triggered alarms behind the scenes, and provoked us to investigate.
Second, they pulled a move so amateur, it defies belief: They hammered us with requests from an easily traceable IP address.
It was the IP for “Textbook Money”:
“18.104.22.168” is the IP where the Textbook Money app is hosted (their app, as distinct from their URL):
Note: “There are no other sites hosted on this IP”
(Note: All data taken by the culprits was book-related. No credit card or user data was taken.)
Before we continue with the epic prank we pulled on them, some background…
Who or what is “Textbook Money”?
Textbook Money is a tool that claims to find opportunity to profit off Amazon trade-in value.
Sometime a few months ago, two guys no one had ever heard of started promoting this tool, touting themselves as some kind of Amazon experts who can teach people how to spot books they can buy for one price, and trade into Amazon for a higher price.
The price was $1,000 to join, and $97 a month after. (That price should trigger anyone’s rip-off alarm.)
Yet it gets worse…
The guys behind this went by “Luke Lambo” (aka Luke Sample) and “Jon Shugart.” (Yes, he goes by “Luke Lambo” with a straight face.)
Yet, still it gets worse…
No one (as far as I can tell) in the Amazon selling world would promote Textbook Money. I asked around, and found no one credible who would promote it, despite heavy affiliate commissions.
(If you know of anyone in the Amazon selling space who promoted Textbook Money, email me).
Instead, Textbook Money focused their promotions to the “get rich on the internet” crowd (which I couldn’t be less of a fan of).
How Textbook Money came on my radar
When they launched their product over the summer, my inbox began blowing up with questions. Naturally, if it’s “selling books on Amazon” related, I’ll get questions about it.
Obviously Textbook Money looked really scammy, but when asked, I withheld comment without any solid evidence.
Side note: Textbook Money is not a Zen Arbitrage competitor
There was no financial motive for me to have an opinion either way. Textbook Money is not even close to being a competitor to Zen Arbitrage simply because it only does one of the many things Zen Arbitrage does.
Textbook Money offers only two things:
- An Amazon trade-in value tool. Textbook Money finds trade-in value for textbooks. Zen Arbitrage does this (in a different way) – and offers multiple other ways to profit from online book arbitrage, from selling leads to other users, to our core function: Finding books you can sell yourself (where the real money is, despite what the trade-in tool marketers tell you).
- A Zen Arbitrage clone. I forget what they even call their Zen Arbitrage rip-off product, but it’s $297 a month (vs. $79 for Zen Arbitrage). Like other attempts to knock off Zen Arbitrage, it doesn’t do a fraction of what Zen Arbitrage does.
Point is: This is not a story about two “competing” software products. Textbook Money only targets sellers who don’t know Zen Arbitrage exists, or the “get rich quick” crowd, and doesn’t compare.
What are people saying about Textbook Money?
Soon after Textbook Money was released, Zen Arbitrage began getting a small tidal wave of their upset, former customers.
It seems that their customers became very unhappy very quickly, and found Zen Arbitrage as a much less expensive (and more robust) alternative.
The consistent grievance was that the trade in credit opportunity had dried up almost as soon as Textbook Money was released.
Here’s a sample of the emails I received:
And in the interest of fairness, this person made money with Textbook Money, “in the beginning.”
What else are people saying about Textbook Money?
Seriously, just Google it. It’s crazy.
Here’s a sample of the venom Textbook Money received:
And then there’s the tidal wave of “rip off alerts” on the internet about Textbook Money. Don’t take my word for it. Google “Textbook Money scam” or “rip off” and you’ll get an eyeful.
Who are the guys behind Textbook Money?
The guy on the left also goes by “Luke Lambo.” Yes, he actually calls himself that. Let that sink in.
We can let the name (and the “soul patch”) of Luke Lambo speak for itself, but if those don’t paint a full picture, here are a couple more links about their past endeavors:
Back to the story about how we conned Textbook Money…
For months, we’d been feeding the mystery thieves mountains of garbage data. Completely inaccurate gibberish.
If a book had a rank of 100,000, we fed the attackers a rank of 3 million. If it had a trade in value of $2.31, we said it was $110. We scrambled ISBNs, titles, everything.
Anyone trying to use this data to make money with online book arbitrage would be instantly out of business. It was unusable.
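One way to produce the kind of scrambled record described above, as an added example that is not Zen Arbitrage’s code: the decoy is derived with a keyed hash so the same flagged client always sees the same wrong values, and the fake ISBN keeps a valid check digit so it still looks accurate. The key, field names, multiplier ranges and the `flagged` input are assumptions; title scrambling is left out.

```python
import hashlib
import hmac

# Assumption: a server-side secret, so a client cannot predict or undo the skew.
DECOY_KEY = b"constructed-demo-key"

def keyed_int(client_id: str, isbn: str, field: str) -> int:
    """Deterministic integer per (client, record, field), via HMAC-SHA256."""
    msg = f"{client_id}|{isbn}|{field}".encode()
    digest = hmac.new(DECOY_KEY, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big")

def isbn13_check_digit(first12: str) -> str:
    """ISBN-13 check digit: weights alternate 1, 3 over the first 12 digits."""
    total = sum(int(d) * (3 if i % 2 else 1) for i, d in enumerate(first12))
    return str((10 - total % 10) % 10)

def decoy_record(record: dict, client_id: str) -> dict:
    """Copy of a book record with skewed rank, trade-in value and ISBN."""
    isbn = record["isbn13"]
    # Shift the 9 digits after the prefix by a non-zero offset so the decoy
    # ISBN can never equal the real one, then recompute the check digit so
    # it still passes format validation.
    offset = 1 + keyed_int(client_id, isbn, "isbn") % (10**9 - 1)
    body = (int(isbn[3:12]) + offset) % 10**9
    first12 = f"{isbn[:3]}{body:09d}"
    decoy = dict(record)
    decoy["isbn13"] = first12 + isbn13_check_digit(first12)
    # Rank pushed 10x to 40x worse; trade-in value inflated 20x to 60x.
    rank_factor = 10 + keyed_int(client_id, isbn, "rank") % 31
    trade_factor = 20 + keyed_int(client_id, isbn, "trade") % 41
    decoy["sales_rank"] = record["sales_rank"] * rank_factor
    decoy["trade_in_usd"] = round(record["trade_in_usd"] * trade_factor, 2)
    return decoy

def serve(record: dict, client_id: str, flagged: bool) -> dict:
    """Real record for normal clients, decoy for clients flagged as scrapers."""
    return decoy_record(record, client_id) if flagged else record

# Constructed sample record (rank and trade-in value from the article's example).
REAL = {"isbn13": "9780306406157", "title": "Constructed Sample Textbook",
        "sales_rank": 100_000, "trade_in_usd": 2.31}

if __name__ == "__main__":
    print(serve(REAL, "acct-flagged", flagged=True))
    print(serve(REAL, "acct-normal", flagged=False))
```

Keying the decoy on the client and record keeps repeated requests consistent, which makes the bad data harder to spot by re-querying.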
The plot thickened when we figured out the infiltrators were Textbook Money
This is where it got interesting.
In analyzing their motive, our only reasonable assumption was:
“Textbook Money is stealing our data, and selling it to their customers.”
Remember, the data they were getting (and selling?) was complete garbage.
That means any customers they may have sold our data to were getting…. complete garbage.
Do you see how poetic this justice is? (Justice for the culprits, not their unwitting subscribers)
If the theory was true, Textbook Money has been selling their customers completely inaccurate garbage for months
Any data they stole from us and then sold to their customers was complete garbage, and their customers were getting sold complete garbage.
And if accurate, Textbook Money reselling the garbage data we’d been feeding them would explain the huge uptick in bad reviews, angry customers, and exodus out of Textbook Money (and over to Zen Arbitrage) around the time we started sending them garbage data.
This might be the most poetic justice in the history of poetic justice.
All of this raised a few questions
- Did Textbook Money build their entire Zen Arbitrage-clone off stolen data?
- Who else in the Amazon-software world is Textbook Money stealing data from?
- What did Textbook Money do with the tidal wave of bogus data we sent them?
- Did Textbook Money turn around and sell this gibberish to its customers?
How low are these guys?
At $1,000 and $97 a month, you’d think the Textbook Money guys could afford the $79 monthly charge for Zen Arbitrage to steal our data.
Ever heard the saying: “The way you do one thing, is how you do everything”?
Every credit card linked to the Textbook Money accounts since November 2nd (and most before) has been declined (i.e. totally fake or empty accounts).
Every time our system would boot them for declined charges, they’d sign up again under an email address that slightly deviated from “firstname.lastname@example.org”. Here’s a sampling of email addresses associated with the fake Textbook Money hacker accounts:
Apparently they’re not above credit card fraud either.
We decide to prank them even harder
Zen Arbitrage’s lead developer had an even funnier idea: Let’s go full prankster and send them a tidal wave of data that was, let’s just say, “catered” to them.
From that point, for every request they placed with Zen Arbitrage we gave Textbook Money special results like:
- Google results for “How to hire an FTC lawyer.”
- “Getting Sued for Dummies.”
- Google results for “Textbook Money scam.”
- Google results for “how to not get caught stealing data.”
- Google image results for “get rich quick scam artists.”
There’s something to be said for doing things just because they’re funny.
Before we offer the big takeaway (and a cool announcement), let’s do a little sidebar interview for a behind the scenes look…
Sidebar: Interview With Zen Arbitrage’s Lead Developer
Me: Tell us in one or two sentences what a bot is, and what it does.
Zen Arbitrage developer: In general web parlance, a “bot” is a piece of software used to simulate the behavior of a real human user interacting with a webpage, usually without the permission or knowledge of the content owner. The variety Zen typically encounters are referred to as “scrapers” – they’re custom-built and their only objective is data theft.
(Similar attack faced by an unrelated entity)
This isn’t the first time Zen Arbitrage has seen this.
ZA developer: Not at all.
In layperson terms, what would motivate someone to unleash a bot on Zen Arbitrage?
ZA developer: The Zen team has put considerable effort into building a well-oiled machine for processing and analyzing Amazon data. Zen is far more than just an interface for viewing Amazon data – we have proprietary formulas for data points like average sales rank that make us an appealing target for lazy and dishonest people looking for shortcuts by piggybacking on others’ hard work. It’s the same thing that would motivate someone to shoplift a book from Barnes and Noble.
You started to notice some unusual activity a few months ago. What did you see?
ZA developer: Every request on the internet includes certain identifying information about its origin. Bots built by very amateur programmers will often neglect this important detail and accidentally identify themselves as such via something called a “user agent” (nerd-talk for “the browser you’re using”). Other bots we’ve seen have been built by more skilled engineers and have required more complex analysis, but this one stood out like a sore thumb. Total amateur hour.
And you launched a counter-attack. Describe how you responded.
ZA developer: There’s already a few front-line defenses in place to protect Zen from data theft. For the most part, bots are dealt with automatically and don’t require any manual touch on our end – the stuff they request gets scrambled before it’s sent, so they’ll typically receive what appears at first glance to be real books, but with enough inaccurate data to make them worthless.
Recently they tripled their bot activity. What was significant about this timing, and what do you think provoked this?
ZA developer: The timeline syncs up with both Textbook Money’s recent promo campaigns, and Zen’s recent improvements. We’ve been focusing on “behind the scenes” improvements, like expanding our database, and increasing our data refresh rate – things that probably turned us from an appealing target to an irresistible one.
How and when did you trace this to Textbook Money?
ZA developer: Definitively and quickly tracing these things back to a particular person or group is usually pretty difficult. You usually find these things hosted on their own dedicated servers, anonymized or rented with bogus information. Because we have a damage control system in place and prefer to spend our time making a great product greater, it’s not really worth wasting it on unmasking most of them.
But right around the time of the huge traffic spike, our system flagged a new IP address. It wasn’t very long before I’d found the owner of 22.214.171.124 (easily traced, such as on this page).
Based on this revelation, you began sending them some more “specially catered” data. Tell us what you fed their bot towards the end.
ZA developer: I dug a little bit deeper into their background/founders and decided to generate a dataset of “books” that felt especially relevant to them:
- “The Lonely Planet guide to Atlanta FTC Attorneys”
- “Harry Potter and the Art of Deception”
- “Ghost in the Wires”
- “Anthony Bourdain’s Cooking With Snake Oil”
… and more.
Most of these aren’t real books, but if you’re on the other end of the Textbook Money bot you might be convinced otherwise.
Say a few words about the culprit’s hacking ability and technical skill.
ZA developer: I’m stunned they couldn’t track down someone with at least entry-level programming skills to operate this thing for them. Seriously. I don’t think I’m allowed to discuss everything we found, but I’ll leave it at this: I could walk on any college campus and find first-month computer science freshmen to build less clumsy software. It’s almost like they wanted to get caught.
Just to recap: You fed all requests associated with the Textbook Money IP a mountain of worthless data over several months. Generally speaking, if someone was flagged as a bot, received the garbage data we sent them, and sold it to their customers, what would they be receiving?
ZA developer: I feel bad for any customers caught in the crossfire, but we have to keep these bots in a sandbox where we can limit their access to real data. And if someone using a bot sold the data we gave them, and you were their customer, your heart might skip a beat when you see the $10,000 trade-in value for a textbook called “Soul Patches, Illiteracy, and Adult Virginity: Causal Relationships Examined.”
If that happened to you, I’m truly sorry.
Any more pranks prepared if they attempt to strike again?
ZA developer: No comment.
If our theory is correct that the only reason to sic hack-bots on Zen Arbitrage is to sell our data to their users, then the only logical conclusion is:
Textbook Money has been selling completely inaccurate, fake data to its subscribers
And that’s how you con a con artist.
Announcing: How it’s about to get worse for Textbook Money
As soon as we figured out Textbook Money were stealing our data, we asked ourselves an important question:
“How do we turn this into something good?”
The answer was obvious and instant:
Creating our own textbook trade-in arbitrage tool
We already have the data. We have the programming muscle. And we have subscribers savvy enough to be doing online book arbitrage anyway.
Our lead developer set to work on creating a tool specifically to identify trade-in opportunity – for a fraction of the cost of “Textbook Money.”
War on con artists
I can’t stand to see Amazon sellers ripped off. I’ve been the Amazon seller who is totally broke, and spends $47 that I didn’t have on an ebook that was useless and terrible.
That $47 still stings. I can’t imagine spending $1,000 (and $97 a month) for something that didn’t work. I would never forgive anyone who did that to me.
So here’s what’s about to happen…
We’re working overtime to launch our Amazon trade in credit arbitrage tool. It’s going to be good.
Look for word on this soon (and go here to get on the early bird list).
If you’re one of those people (like me) who likes to skip to the end of articles, here’s the timeline of this epic saga:
- Textbook Money gets released.
- Around this time, strange hack bots are detected infiltrating Zen Arbitrage.
- We feed them mountains of inaccurate, garbage data.
- We exposed the culprits as Textbook Money, stealing our data.
- We fed them mountains of additional data on finding an FTC lawyer, how to not be terrible at hacking, etc.
- We’re readying to release an Amazon trade in arbitrage tool that is cheaper than Textbook Money (by far).
And that is how Textbook Money got massively conned.
-Peter Valley & Team Zen
PS: Have experience with Textbook Money? Leave a comment below.
PPS: Current Textbook Money (or other Zen Arbitrage knockoff) subscriber? Email a screenshot of your TM account info (or forward a TM confirmation email) to fbamastery[at] gmail.com and we’ll set you up with your first month of Zen Arbitrage for $49.
PPPS: Active in any Facebook groups or online forums where Textbook Money is promoted? Share this article there.