5:45pm

Thu July 3, 2014
All Tech Considered

In A Battle For Web Traffic, Bad Bots Are Going After Grandma

Originally published on Mon July 7, 2014 11:05 am

As the Web turns 25, it's becoming a terrific place if you're a bot.

It began as a tool for human communication, but now, over 60 percent of the traffic on the Web is automated applications called bots talking to other bots, according to one study. And experts say about half of those bots are bad.

But first let's talk about the good bots.

For example, Google's bots crawl around the Web to find the best information. There are also bots that help make the Web run smoothly, says Marc Gaffan, co-founder of Incapsula, a website security firm. These bots "check that our websites are up and running all the time and measure how fast they are," he says.

Incapsula released a report that found the percentage of nonhuman Web traffic went from around 50 percent in 2012 to over 61 percent of all traffic last year.

Gaffan says a little over half of those bots are bad. The bad ones are "scanning your website looking for vulnerabilities; they're potentially trying to hack into your website," he says.

Once inside your system, bad bots can get a lot of information, like corporate and government secrets. But Dan Kaminsky, the founder of the security firm White Ops, says his company noticed that bots were going after individual users.

"They're not going after people with secret military documents," he says. "They're going after grandmothers. They're going after everyone they can. And we were genuinely curious, why? Why hack Grandma?"

Kaminsky says the answer is that the bots want Grandma's identity, at least on the Web. He says there are underground companies that promise to bring viewers to websites. But what they are really doing is hijacking Grandma's computer and making it look as if she visits the sites, and that makes the sites more valuable to advertisers.

"They're doing a very little piece of identity theft," Kaminsky says. "They're pretending to be you to advertisers who are willing to pay a little bit of money to get a little bit of your attention."

Kaminsky says the problem with this kind of fraud is that it lowers the quality of what's on the Web.

"You see the Web sometimes and you click a link and you get a page and there's 30 ads on it and five of them are blaring audio at you," Kaminsky says. "And you think, 'Who could possibly ever find any value in this Web page?' And the answer is nobody. Nobody would ever go to a page like this. But nobody is — it's all machines tricking machines."

The big problem is that "bots will click on anything — they have terrible taste," Kaminsky says.

If bad bots were left to their own devices, bad taste would dominate the Web. But, even worse, Kaminsky worries that this kind of advertising fraud is undermining the economics of the Web.

Though people "tend not to like advertisers, advertisers have paid for a network that allows greater interpersonal communication than any other time in history. Who paid for all this free service? They did," he says.

Kaminsky's firm works with advertises to fight this problem. He worries that advertisers will go back to the TV or other outlets, which are better protected against fraud.

A study honoring the Web's 25th anniversary by the Pew Research Center interviewed 1,400 experts. Many shared Kaminsky's concerns.

"That's what these experts worry about: If it becomes too overwhelming, there's too little trust, it's too hard to distinguish between human and machine interventions, that people will just shut down," says Lee Rainie, one of the study's authors.

But, moving forward, many of the experts also said the attempts to secure the Web need to be balanced with keeping it open.

"They will shut down ways in which the Internet can serve up diverse opinions; new things for them to learn; all sorts of extra things that would add to their life," Rainie says.

He says that one thing is certain: There will be more bot traffic online in the future as more devices — from medical monitors to home heating systems — are connected to the Internet.

Rainie says we are likely to see a vast battle between good bots and bad bots.

Copyright 2014 NPR. To see more, visit http://www.npr.org/.

Transcript

ROBERT SIEGEL, HOST:

This year, the Internet turns 25. And though it began as a tool for human communication today, according to one study, more than 60 percent of the traffic on the Web does not come from human beings. Web robot,s good ones and bad ones, drive a lot of the activity online. And as NPR's Laura Sydell reports, all of those bots have some experts concerned about what's next on the Web.

LAURA SYDELL, BYLINE: First let's talk about the good bots. For example, Google's bots crawl around the Web to find the best information. And there are bots that help make the Web run smoothly.

MARC GAFFAN: Tools that check out that websites are up and running all the time.

SYDELL: This is Marc Gaffan, the co-founder of Incapsula, a website security firm. His company released a report that found that bots are on the rise. In the two years ending in 2013, the percentage of nonhuman Web traffic went up from around 50 percent to over 61 percent of all Web traffic. And Gaffan says a little over half of those bots are bad.

GAFFAN: Scanning your website looking for vulnerabilities. They're potentially trying to hack into your website.

SYDELL: Once inside, bad bots can get a lot of information, corporate and government secrets. But Dan Kaminsky, the founder of the security firm White Ops, says they noticed that bots were going after individual users.

DAN KAMINSKY: And they're not going after, you know, people with secret military documents. They're going after grandmothers. They're going after everyone they can, and we were genuinely curious, why? Why hack grandma?

SYDELL: To take over grandma's identity, at least on the Web. Kaminsky says there are underground companies that promise to bring viewers to your website to make the site more valuable to advertisers. The views look as if they're coming from grandma's computer.

KAMINSKY: They're doing very little piece of identity theft. They're pretending to be you to advertisers who are willing to pay a little bit of money to get a little bit of your attention.

SYDELL: The problem with this kind of attention fraud, says Kaminsky, is that it lowers the quality of what's on the Web.

KAMINSKY: Well, you see the Web sometimes, and you click a link. And you get page, and there's 30 ads on it. And five of them are blaring audio at you. And you think, who could possibly ever find any value in this webpage? And the answer is nobody. Nobody would ever go to a page like this. But nobody is. It's all machines tricking machines. Bots will click on anything. They have terrible taste.

SYDELL: Bots with bad taste will rule the Web if left to their own devices. Today the Pew Internet and American Life Project released a study in honor of the Web's 25th anniversary. Pew interviewed 1,400 experts about their hopes and fears for the Web's next decade. Lee Rainie is one of the study's authors.

LEE RAINIE: It's what these experts worry about every - it becomes too overwhelming; there's too little trust; it's too hard to distinguish between human and machine interventions, then people will just shut down.

SYDELL: Yet at the same time, Rainie says many worry that people's attempts to protect themselves could also change the open nature of the Web.

RAINIE: That they will shut down ways in which the Internet can serve up diverse opinions, new things for them to learn, all sorts of extra things that would add to their life.

SYDELL: One thing that's certain, says Rainie, is that there will be a lot more bot traffic online in the future as more devices from medical monitors to home heating systems are connected to the Internet. Rainie says, in the future, we are likely to see a vast battle between good bots and bad bots. Laura Sydell, NPR News. Transcript provided by NPR, Copyright NPR.

Related Program