Modern bots are almost indistinguishable from humans - and that's a problem

Zero-day attack
(Image credit: Shutterstock.com)

Bots have made headlines for several years now, but there remains an air of mystery surrounding how they actually affect our day-to-day lives.

Sophisticated bots look and act like human users, with most bot activity indistinguishable from human activity to the naked eye, and even to most bot detection software. This is worrying for several reasons.

To learn more about the threat posed by bots and how it can be mitigated, TechRadar Pro spoke with Dan Lowden, CMO at White Ops.

How would you define a bot?

A bot is an automated tool (software) that carries out repetitive and mundane tasks at scale. There are ‘good bots’ that help assist humans to accomplish tasks faster.

‘Bad bots’ or more ‘sophisticated bots’ are focused on automation at scale to do harm. Sophisticated bots look and act like humans when they visit websites, click on ads, fill out forms, take over accounts, and commit payment fraud.

The sophisticated bots are created by cybercriminals by putting malware on devices, causing billions of dollars in losses to companies and impacting the customer experience. This is a massive problem that is impacting every organization of all sizes across the globe.

Are there any tell-tale signs?

The tell-tale sign that you have a sophisticated bot problem is that you would see unusual activity on your website, form fills and applications with wide fluctuations in scale. When bots are attacking your websites, form fills and applications, you will see a lot of traffic but the result will be fraudulent activity producing bad customer data and lower conversion rates and ROI.

Why are bots dangerous?

We ask the question, if a cybercriminal organisation had millions of bots at their disposal to target a company, what bad things could they do? The answer is a lot of bad things. They are the modern day bank robbers.

What demographic do bots target most frequently?

Fraudsters follow the money. They target ecommerce sites, specialty inventory, high net worth accounts, streaming sites for music and TV, mobile applications and form fills. Anywhere they can make money in the background with no one knowing about it.

What strategies/tools can businesses and consumers use to fend off bot attacks?

The good news is that these sophisticated bot attacks can be stopped and taken down. By partnering with a bot management and fraud protection specialist, you can gain visibility on attacks and stop them through machine learning, threat intelligence, technical evidence and continuous adaptation.

What is the significance of bots in the context of politics/the US election?

We’ve reached a point where it’s no longer safe for American citizens to assume that the interactions they have online are with humans, and not with increasingly sophisticated bots.

A couple of years ago during the Net Neutrality vote, bots were used to flood the Federal Communications Commission comment portal with millions of posts, using the identities of deceased individuals, which ultimately influenced the policy vote in Washington, D.C.

During the 2020 election, the question became what – and who – was on the other side of an engagement or interactions we were seeing online. Not only does this impact trust but it raises an important question of is there a human on the other end of the screen or not?

Botnets are all about leverage – taking a task that used to require a large group of people and making it possible for a smaller group to do that same task but at a much larger scale than before. In future elections, individuals will need to consider whether the news they see or the person they are interacting with could be a bot. 

We the cybersecurity industry, alongside law enforcement and other partners, must continue to work together and work harder to disrupt the economics that fuel cybercrime – our country’s integrity depends on it.

What has allowed White Ops to reach the 10 trillion interactions per week threshold?

White Ops now verifies the humanity of more than 10 trillion digital interactions every week. The White Ops Bot Mitigation Platform verifies these interactions on behalf of our customers and determines whether it’s a sophisticated bot or human to protect our customers from fraud and abuse.

We have reached this milestone based on the trust our customers have given us to protect their digital interactions across their business. We do this for hundreds of companies, DSPs, and Internet Platforms. Because of this scale we gain an even deeper understanding of the larger cybercrime landscape, enabling us to constantly innovate to stay ahead of adversaries.

What does this achievement mean in practical terms?

It means better protection for businesses and consumers from fraud. White Ops mission is to protect the integrity of the internet by verifying the humanity of every online interaction and to disrupt the economics of cybercrime. As a result of our work, we have taken down countless fraud organisations and long term stopped fraud.

One example is the lead role we played in collaborating with the FBI, Google, Facebook and many other partners in the takedown of 3ve - one of the largest botnets ever defeated.