March 29, 2019

Facebook is abuzz at the moment with speculation that the booming ‘Revoke Article 50 and remain in the EU’ petition – fast approaching 6 million signatures – is partially the work of bots.

Technically speaking, bots are automated programs controlled remotely and designed for a repetitive task, like connecting with a customer service agent, re-tweeting any post with a given hashtag, or blocking spammers from a private chat group. There are good bots and bad ones.

The bad ones get up to things like secretly recording keystrokes on your PC in order to steal passwords, or working in harmony with other bots as part of a ‘botnet’. These can be quite powerful, effectively turning hundreds or thousands of business and home computers into ‘zombies’ capable of emailing spam to millions of Internet users or generating fake website traffic for financial gain.

Does that mean the ‘Cancel Brexit’ petition is a bot-driven stitch up?

The petition’s surging numbers probably aren’t being inflated by bots. The email validation process alone acts as a strong deterrent.

Before an electronic signature can be accepted, each signatory has to supply a unique email address and click on a verification email. It’s easy enough to set up an email address but setting up tens of thousands in real time is extremely difficult — theoretically possible but highly complex in execution. Anyone signing the petition in the UK also has to provide a valid postcode.

Of course a bad actor could buy stolen email addresses on the black market, but then they would need to have access to those email accounts and each validation email.

So we can relax?

Even if bots aren’t behind the boom in signatures, they are becoming an issue, from stealing data to distorting prices on online ticketing sites, or causing a massive spike in energy bills when computers are zombified as part of an unauthorised crypto-mining campaign.

The Revoke Article 50 petition site was down for extended periods in the days immediately after launch, which could be a sign of another well-established bot activity – hijacking large numbers of computers to launch a Distributed Denial of Service (DDoS) attack. In this case the intention would have been to slow down or crash the platform in order to dissuade voting.

How do they get in?

Malicious bots gain access to computers by installing malicious code. More often than not, users mistakenly enable the infection themselves by clicking a phishing email or saying yes to an infected download. Once the code embeds itself in your machine’s operating system, the newborn bot calls its mothership and confirms it is ready for action. At that point the PC is part of a botnet.

Once the botnet’s owner has control, they put your machine to work. Common uses include:

  • Stealing private data
  • Taking part in distributed denial-of-service (DDoS) attacks to shut down websites like the Cancel Brexit petition
  • Placing banner ads in your web browser that are specifically targeted at you
  • Pushing out pop-ups offering phony anti-spyware software to remove the bot – for a price
  • Mass sending of spam emails
  • Pushing up web traffic on a specific site to improve SEO or royalties

In any infection the bot uses up energy and processing power, while potentially leaving the computer open to other kinds of malware infection, and a back door through which hackers can enter the company network.

How do I keep bots off my machine?

The best way to fight bot infection is to alter the behaviours that let them in. Staff need to be empowered to recognise a potential source of infection, avoid it, and report it.

Phishing is the main culprit here, so helping staff understand the importance of not downloading attachments or clicking on links from email addresses they don’t recognise is key.

Making sure firewalls are switched on is important too. This happens automatically on the company network but if work machines are being used remotely, or you have a BYOD policy, an un-patched or inactive firewall could be enough to bring infections onto the network when machines are re-connected at the office.

These solutions are simple, but powerful too. Botnet distributors rely on soft targets in order to infect a large number of machines quickly and avoid detection until it’s too late. As such they tend to quickly move on when they meet resistance and first attempts fail.
