855-873-3707

BLOG

Good bots, bad bots

They’ve been around for decades!

What are bots?

Bots (AKA chatbots–like SIRI and other virtual agents) are increasingly effective artificial intelligence (AI) supported software that helps automate tasks. This includes a wide range of things like updating your calendar, getting answers to spoken questions, shopping, data collection and website scanning. Web spidering, which retrieves, analyzes and files information from web servers at many times the speed and efficiency of humans, is the most common kind of bot. Research shows that until recently, bots generated even more website traffic than us humans, with a modest tapering off last year.

Bots and apps perform different if overlapping functions. Bots, however, are dedicated to single functions. There’s nothing new about internet bots (short for robots). They’ve been around for decades.

So, why are we hearing so much about them now? Cost savings for businesses and individual users are driving Microsoft, Google, Slack, Kik, and soon, Facebook, to create more bots to complete highly repetitive, routine tasks. Accelerating this momentum, consumers are demanding quicker access to information and faster customer service, both of which are provided by bots. Though bots can’t yet fully replicate human customer support dialogue, they are virtually invisible in other areas.

Good bots, bad bots

Good bots include the ones described above–owned by legitimate businesses to automate tasks for the benefit of users. Bad bots, by contrast, create havoc by automating spam campaigns, denial of service (DDoS) attacks or launch vulnerability scans to do even broader damage. Unfortunately, there has been a relative decrease in the percentage of good bot activity, with bad bot traffic fluctuating around 30%. That said, the overall amount of bot and human traffic continually increases.

Bad bots are morphing

Bad bots are disseminated by individual, small and larger criminal groups. They continue to grow in direct relationship with the world population of internet users (now over 3 billion). “Impersonator” software, discussed in previous OWDT posts, is the fastest growing category. The vast majority of security events are the result of bad bot incursions.

 

Does captcha work?

Bad Bots: The big picture

There are approximately as many automated, AI-assisted internet bots as there are humans on the internet. Unfortunately, a high level of bad bot internet traffic (e.g., impersonators trying to steal usernames and passwords) is holding steady compared with a decline in ‘good bot’ traffic (e.g., routine automated customer service functions). On average, websites are targeted by one malicious bot for every two humans.

Most of you reading this post work within mid to small-sized organizations. If so, your site typically has security vulnerabilities that make you a target. Most hackers who launch bad bots want to steal information, not extort money (as with dreaded denial of service attacks). This underscores the critical importance of using different usernames and passwords for all sites you regularly visit.

Bad bot human impersonation goes beyond information theft

Because bad bots can impersonate human written communication, they are often used to disrupt or even shut down online conversations. The objective of those instigating such attacks is to confuse readers and even stop the dissemination of information they believe is threatening to their interests or beliefs.

Bad bots also create havoc by–

  • Buying up good seats for concerts and other events for inflated resale prices.
  • Inflating the number of views for YouTube videos and other social media posts.
  • Flooding online gaming with high-speed bids to sabotage outcomes.
  • Driving up web ad traffic counts to extract more money from advertisers.

One notable success

Have you noticed the reduction in spam in the recent years? –Spam bots which constituted 2 percent of internet traffic four years ago, was reduced last year to 0.1 percent. The reason? Before 2012, spam links boosted SEO (Search Engine Optimization). Then, Google decided to introduce a new SEO algorithm that penalized not only those originating spam links, but also those who hosted them with the objective of deceptively achieving higher search engine results. This zero-tolerance approach worked.

A number of IT security experts have recommended tighter ground rules for business and government. If enough stakeholders agreed, the industry could then push for a non-negotiation policy against cyber extortionists. Unfortunately, suppressing most types of bad bot activity won’t be as easy as it has been for spam reduction.

Does captcha work?

Have you wondered how effective CAPTCHA  is in differentiating humans from robots? (CAPTCHA screens pop up with floating characters that you input into a field to gain access to a website). Unfortunately, Captchas provide only low-level protection and can be circumvented by a variety of means.

Bad bot surge on mobile web

Because there are now more mobile than desktop users, hackers have been aggressively developing complex, sophisticated techniques to attack these devices. So, make sure your portable devices have the best, latest security in place. –IoT (The Internet of Things) and wearables are emerging as the next targets.

In addition to never using the same username and password combination twice, only enter your credit card information on secure sites, keep your software (including browsers) up to date, and make sure your anti-virus software is of the highest standard. Not taking these measures can cause you significant grief. Finally, if your computer, unbeknownst to you, is hijacked and turned into a zombie bot, you will be hurting others as well.

More Insights