Advert

The rise of the bot army

Beware of the bots says Matthew Anthony Pace.

In today’s world over 70 per cent of internet traffic is run and used by autonomous robots and automated systems. Out of that traffic, over 80 per cent is for malicious purposes.

Mind you, automation carries various benefits. Automated systems are developed to perform repetitive and trivial tasks that would be inefficient and take a great deal longer for humans to do. While some automated systems can be developed to learn by themselves to be able to handle future events and tasks which may not have been catered for during development, in most cases they are built to perform the same action or task over and over again.

Highly advanced automated systems do exist, which can perform complex solutions to problems such as ones related to visual and audio recognition and manipulation. While these systems may perform well, they are still not capable enough to replace a human being yet.

Other bots are employed for malicious uses, ranging from simple denial-of-service attacks to social media fraud and gambling, including placing bets and providing an unfair advantage in online multiplayer video games.

Leading social media sites are under constant bot threat. Bots are used to create large amounts of fake user profiles, which are then used to provide likes, followers and written reviews to people willing to pay for them. While this does not directly affect legitimate content users, it provides false popularity. A large amount of social media content has gone viral this way, as certain social media sites use popularity algorithms to place the most popular content on the platform’s home page.

In recent years the use of bots in the online gaming sector has been on the rise. Although some gaming companies are against bots, others have welcomed the use of bots with open arms and even offer a direct application programming interface to make it easier for automated developers to integrate with. This also gives gaming companies more transparency over who, what and how often the bots are performing actions – in turn, this allows operators to put in place limits and thresholds for each account accessing the application programming interface, in order to prevent abuse.

Bots are used to create large amounts of fake user profiles, which are then used to provide likes, followers and written reviews to people willing to pay for them

The most common malicious purpose for bots is in botnets. These are large-scale distributed systems which are under control through a single user or a group of users with an intent to use a large amount of computing resources. Botnets can be used for distributed denial of service attacks, large-scale complex calculations such as password hashing which helps the cracking of passwords faster, and even for mining Bitcoins. These bots are usually packaged with legitimate free software to encourage users to download and install them – the user is of course completely unaware of the additional installation.

In the online multiplayer video gaming community, there has always been a market for software that provides unfair advantages against legitimate gamers. Such applications include aimbots which, as the name suggests, provide auto aiming and auto firing capabilities. There are also resource miners which are mainly used in role-playing games that require resources to level up and complete the game.

When it comes to detecting and defending against malicious bots, it can be as simple as implementing a Captcha system on the software that requires protection against abuse. A Captcha system is used to confirm that a request has originated from a human user. While this is a good starting point to prevent automated requests, it should be used in conjunction with denial-of service protection and originating country, IP address and proxy checks against a known global blacklist.

For gaming, preventive measures include the implementation of a pathway and event logging system which tracks the movement and events that are triggered by the gamer. These logs are then reviewed for any repetitiveness or erratic behaviour. Another concept which is used widely in MMORPGs is random game events. These are in game events that occur at random intervals and which are not a normal part of gameplay. For instance, this could be the blocking of a main pathway in the quest, which would require the player to manually find a new pathway. This can cause an unintelligent bot to start behaving erratically as it would not know how to handle the event. Once detected by the mentioned systems, an appropriate disciplinary action can be taken against the offending gamer.

Matthew Anthony Pace is a software developer and electronics designer by day and a security researcher and blogger by night. He blogs at https://lookuga.com .

Comments not loading? We recommend using Google Chrome or Mozilla Firefox with javascript turned on.
Comments powered by Disqus  
Advert
Advert