A history of bot fraud

Sunday, May 16, 2010

Javvad Malik


Someone recently asked me for some advice on avoiding Bots when online

Now there are many different ways to answer this question, so after much deliberation, pizza and a roll of the dice we thought it be best to break it down cynic style.

Back in the old days before computers were invented or the Internet was discovered, everything was black and white and there were good guys and bad guys. The bad guys back in the day weren’t too different from those of today. Yeah sure they chewed tobacco, but their motives were the same, they wanted power and money.

Traditionally though, the money was gold and it was held in banks. So the evil doers simply spent their time planning how to rob banks or trains etc.

However, it was always easy to pick out a bad guy for the following reasons:

1. They were ugly

2. They wore black hats

The good guys on the other hand:

1. We handsome alpha males

2. Wore white hats

Based on this can you differentiate between the two cowboys and tell who the good guy is and who’s the bad guy?

So now we’ve established there are bad guys out there, let’s consider their approach.

They tended to have a very direct approach to committing their crimes as depicted in the picture

As time went on though, the black hats found that this direct approach was time consuming and dangerous. So they thought it would be a good idea to employ other black hats to do their dirty work for them. That way they could relax in their safe houses and rake in the profits without any of the risks.

Setting up a corporate structure helped the black hats a lot, however it was still a risky business. High net worth individuals employed their own security and were harder to get to. Additionally the times were moving on, the lawlessness of the wild west was being replaced by an overall more law-abiding society.

Black hats couldn’t just wander the streets looking for victims. So they had to change their methods in order to adapt to the changing landscape.

So they employed tactics whereby they would first gain a victims trust and get on the inside before showing their true colours.

In order to achieve this the big boss black hat had his minions impersonate vulnerable, trustworthy, friendly or even officials in order to get the information they needed so that they could get the money. You see by this time, people had stopped carrying around bars of gold and cash was limited. So the organisation began to look a bit like this.

With the advent of the internet and all the wonderful things in it, many businesses took their models online. The black hats did the same. They simply took their existing model online and took advantage of all the new applications such as Facebook, Twitter, Chat rooms, emails, basically anything that would allow them to communicate with an end user in order to continue to perpetrate their fraudulent acts. So the model didn’t change, except for the communication channels.

So what are the robots or bots? What’s a botnet and how does it fit into all of this?

Well, the black hat being the greedy type didn’t like the fact that he had to give his henchmen a cut of the profits. So he bought a PC and installed a programme on it that would automatically send out emails or twitter messages or facebook friend requests on his behalf.

Then he discovered that he could deploy the code onto lots and lots of other computers around the world who would do all the dirty work for him.

Ultimately he built up a network of computers which had his software installed on them and were at his mercy. This formed his army of robots, or “botnet” as it is commonly known. So as you can see, gone are the middle-men black hats and replaced by computers.

We’ve traced the history of where we are today. So the question remains, what do we do? Well, we understand that regardless if a black hat is using a computer or a letter or even a real person they all have the same motive. Treat any interaction on the internet the same way as you would in real life. Be alert and suspicious. Remember, behind that facebook profile or twitter message isn’t a pretty girl wanting to date you… its this man!

Stay cynical, stay secure.

This article originally appeared on Infosec Cynic

Possibly Related Articles:
Enterprise Security
fraud Botnets
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.