Your (un)friendly neighborhood botnet

Growing up in the era of dial-up internet, online chat rooms, and the iPhone (yes, the iPhone; no S, X, or Triple Max Pros back then), I often wondered what our generation would be defined as.

Not quite baby boomers, not exactly millennials (who the hell comes up with these names?), it was always like this middle ground bridging the reached stagnation of yesterday and the technological revolution of tomorrow.

Come 2021, I have never found it easier to describe this generation. In one word, Shortcut.

In 50 years' time - assuming we last that long - 'The age of shortcuts' will inevitably be remembered in no more than three paragraphs on page 46 of Year 8 textbooks.

TL;DR: Don't do what they did.

I write this in an attempt to try and find reason within the minds of these cybercriminals. In the age of Bitcoin, get-rich-quick schemes and generally an encompassing sense of ‘Now’, I can perhaps understand a glimmer of what these people may be thinking.

Cybercrime is undoubtedly one of the fastest-rising forms of crime of the past two decades. Of course, it comes as no surprise, seeing how ‘safe’ and ‘profitable’ these online crimes can be, given the right tools and the right mindset.

With the rise of botnets and related criminal activities, acting alone is now a thing of the past. Why put yourself at risk This not only allows for maximum profits, mind you. This method has the added benefit of being virtually untraceable. So what is a botnet, anyway?

A botnet is a series of infected internet-connected devices that are controlled by a cybercriminal. Cybercriminals use them to start botnet attacks, which can lead to:

    - Unauthorized access to devices
    - Private information leaks
    - Data theft
    - DDoS attacks

And since the cybersecurity scene is seemingly infatuated with analogies of the agricultural nature, these bot 'herders' (the farmers controlling the hackers... Apologies, the hackers controlling the bots) are able to initiate, target, and manipulate cyber-attacks, all from the comfort of their watermelon fields.

And as entertaining as it may be to picture these hackers plumped down on their prized watermelons, sickle in one hand & smartphone in the other, I can assure you that the threat is anything but.

You'd think that with a name like AdClickProtect, I'd be trying to talk to you about click fraud instead of watermelons (and you'd probably be right!) but don't write it off just yet...

Let's pretend for a second that the internet was, in fact, a watermelon. Each fibre strand an information relay, acting similarly to our current, inorganic infrastructure (though not nearly as tasty). Suddenly a seed appears, you know the ones. An unwanted visitor in a sea of mouthwatering bliss. Now there's two, wait! Three! As it grows and expands, so too do these visitors. Before you know it, a land once unsullied is now filled with nodes - or 'seeds' - that span its entire network.

So, much like watermelons, the internet is filled with these ubiquitous data points that are able to communicate with one another in an instant. These data points represent you, and me, that neighbor who always walks around the house naked, and every single device that has access to the internet.

The difference between watermelons and the internet, however, lies in the inherent nature of man. Botnets, bot herders, click fraud, everything under that cyber-umbrella has one defining trait: intent.

Given the right tools, experience and motivation, the power that exists in this handful of individuals is simply inconceivable. Anything and everything is open to these people.

To put it in context, one that controls the watermelon, controls the world.

It may sound a tad hyperbolic but there's a reason only a handful of botnet rings - and even fewer individuals - have been apprehended since the grand age of dial-up.

Very simply, the bots that make up a botnet are bits of rogue code that can infect any device given the right circumstances, rendering that device helpless to act against its bot herder overlord's wishes.

A lot of the time, hell, most of the time, we wouldn't even know if a cute lil' bot was running in our device's background. This is the cybercriminal's greatest strength as it very simply allows them to manipulate the flow of data as they please, whenever they please.

Take DDoS attacks - or distributed denial-of-service attacks - for example. This attack renders the target helpless as the hacker(s) issue a command to overload the target with directed traffic. Needless to say, a few offline hours could result in inconceivable financial losses.

Other methods include using 'infected' devices to mine cryptocurrency. Some up-and-coming streamers or content creators will pay for 'viewers', essentially bots mimicking 'human' behaviour so that the Ad filter won't trigger any flags.

And speaking of Ads, Ad fraud is one of the most consistently profitable methods that these hackers utilise, with three distinct reasons that come to mind.

1) Depending on the number of bots the cybercriminals have access to, they can do massive damage both to your PPC strategy and to your reputation itself (which is arguably more important).

2) Secondly, they have learned... and adapted. To patterns, human-like behaviour, mimicry, and ways to avoid detection.

3) Herein lies the most important aspect of all this. The true underlying cause. The platform.

Currently, the online Ad Space is in an incredibly unhealthy position. The lack of competition in the area has created vulnerability via predictability.

These cybercriminals know how to exploit these Ad Network systems in place because let’s face it, there isn’t a lot of variation when it comes to perhaps the largest monopoly on the planet: Google Ads.

You could land on any one property on that monopoly board and it wouldn’t make a difference. It all inevitably leads back to the same source, and the lack of competition inevitably creates a 'Groundhog Day'-like paradigm that, you can bet your bottom dollar, has been studied extensively.

For example, a bot herder may use the tens of thousands of bots at their disposal to, say, create a YouTube account, use the human-like behavioural bots to amass millions of views, become a YouTube partner and start earning revenue from their bots who are watching their own video. It creates a revenue stream of perpetual proportions, which is virtually untraceable.

It all works in the same way. Any online space that allows for the display of Ads is fair game for these players. To put it simply, think of it as the manipulation of millions of information sources to act in a way that ‘tricks the clicks’, if you will, tricking the system into providing them with a very high revenue source.

There are ways to protect your company from falling victim to PPC Ad fraud, with AdClickProtect at the forefront of fair clicks for all.

We look for what we're not seeing. That’s where you see it all.
