What are bots, and why can they be a problem?
A lot of the attacks that you have learned about so far in the course are only effective if the attacker can repeat the same action many times. Instead of repeating the action manually, attackers often automate the process by using bots. In this step, you will learn what bots are, why they are useful, and how they can be misused.
Bots are automated programs that perform tasks repeatedly. Ideally, these tasks are simple, repetitive, and performed much more quickly by bots than humans. Internet bots (which are also referred to as bots, and are the kind of bots that you will learn about in this step) perform these tasks over the internet.
Bots are a crucial part of the internet’s infrastructure and perform lots of useful tasks. For example, bots identify and index new websites for search engines so that they can be included in search results. Given that an estimated 4 million blog posts are created every day, the task is too big for humans to manage, so a bot that can process the information much faster is needed.
If a task is too large for one bot, a botnet might be used instead. A botnet is a network of computers which are all programmed to perform the same, or a similar, repetitive task. The bots in the net(work) can communicate with each other to effectively share the workload.
However, not all bots are good. Attackers use bots to increase the scale of their attacks and to reduce their overhead costs (such as computing power and storage).
For example, bots can be used in SQL injections. An attacker might not know which websites are vulnerable to which SQL injections, so they would have to try lots of different inputs in lots of different websites. If they can program a bot to perform the same action, the process will be much faster, allowing the attacker to find more vulnerabilities. Furthermore, if the process is automated, the attacker can do something else while the program is running.
Attackers also use botnets. These are particularly useful to attackers if they want to send repeated requests to a website which rate limits the number of requests it receives from one IP address (i.e. websites that seek to prevent one individual trying to perform the same operation too many times). If an attacker controls a botnet, they can send the request from lots of different computers with different IP addresses, which fools the website into thinking that the requests are all coming from different people. This setup allows the perpetrator to carry out attacks such as DDoS attacks (you will learn about this in the next step).
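The per-IP rate limit described above, and the reason a botnet slips past it, shown as an added example that is not part of the original course material. It replays constructed traffic through a per-IP limiter, then adds an endpoint-wide limit; the limits, the window, the IP addresses and the `/login` path are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW = 60           # seconds per counting window (assumed value)
PER_IP_LIMIT = 5      # requests allowed per IP per window (assumed value)
ENDPOINT_LIMIT = 20   # requests allowed per path from all IPs (assumed value)

class SlidingWindow:
    """Allows at most `limit` events per key within the last `window` seconds."""
    def __init__(self, limit, window=WINDOW):
        self.limit, self.window = limit, window
        self.events = defaultdict(deque)

    def allow(self, key, now):
        q = self.events[key]
        while q and now - q[0] >= self.window:   # forget events outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def replay(requests, use_endpoint_limit):
    """Replay (timestamp, ip, path) tuples; return how many requests get through."""
    per_ip = SlidingWindow(PER_IP_LIMIT)
    per_endpoint = SlidingWindow(ENDPOINT_LIMIT)
    allowed = 0
    for ts, ip, path in requests:
        if not per_ip.allow(ip, ts):
            continue                             # one address asking too often
        if use_endpoint_limit and not per_endpoint.allow(path, ts):
            continue                             # too many requests overall
        allowed += 1
    return allowed

# Constructed traffic: 100 requests to /login in 50 seconds.
# Addresses come from the ranges reserved for documentation.
SINGLE_CLIENT = [(i * 0.5, "203.0.113.7", "/login") for i in range(100)]
BOTNET = [(i * 0.5, f"198.51.100.{i + 1}", "/login") for i in range(100)]

if __name__ == "__main__":
    print("one IP, per-IP limit only:    ", replay(SINGLE_CLIENT, False))
    print("100 IPs, per-IP limit only:   ", replay(BOTNET, False))
    print("100 IPs, with endpoint limit: ", replay(BOTNET, True))
```

The per-IP limiter treats every botnet member as a new visitor, so only a signal that does not depend on the source address (here, total requests to one path) notices the burst. A real site would usually respond to that signal with an extra check such as a CAPTCHA rather than a hard block, because an endpoint-wide block also locks out legitimate users.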
Attackers often create botnets by infecting other people’s computers with malware, as you learned about earlier. This means that their victims are also paying for the energy needed to conduct the attack. When a computer is infected with malware and starts running more slowly, it may be operating as a bot in a botnet, with part of its processing power diverted to the task set by the attacker.
It is estimated that just over half of all activity on the internet is conducted by bots, rather than by humans. Furthermore, more bot activity is performed by malicious bots than by regular ones. This means that an alarmingly high proportion of internet activity is malicious; in fact, about one in every three visitors to a website is a malicious bot. These statistics come from a report by the security company Imperva — you can read more here.
In the next step, you will find out more about distributed denial-of-service attacks.
- Besides indexing new websites, what other internet processes do you think are performed by bots?
- You have learned about a few examples of malicious bots in this step. Can you think of any others? Are there any that you have encountered?
- How might websites protect themselves from botnets?
Share your answers in the comments