Bots are standalone applications that run on the Internet while performing some kind of predetermined task. They can be useful and harmless to users in general, but they can also be misused by criminals. According to Imperva research, in 2016 bots corresponded to more than 50% of the total Internet traffic.
READ: What chatbot? Understand how the robot that talks to you works
This technology has gained even more importance and impact with social networks, mainly related to fraud and even movements capable of influencing elections. In this text, you will better understand what bots are and learn about some of their applications – positive and negative.
Bots can be used for illegal activities Photo: Pond5
READ: Netflix creates Facebook bot that recommends movies according to emojis
There are both legitimate bots on the Internet that provide useful and legal services, as well as bots employed in crimes or malicious actions that can result in damages and losses to third parties. Legitimate bots can be robots that scan the Internet by indexing websites for search engines, such as Google, or that find the lowest price for a given product with a few clicks. An evil bot would be a robot that scans the Internet for vulnerable sites for further attack and invasion by its controllers.
In practice, bots are like computer programs created to run on the Internet performing repetitive and automated tasks. A simple example of how this technology makes digital life easier can be seen on Facebook's timeline. If it were not automated, to update it, users would need to visit each page, group or friend to find out about the latest photos, news and posts. The "robot" who controls the News Feed does this job for us.
There is a mechanism that feeds the News Feed. It can be understood as a bot, capable of making numerous requests in a short space of time, something that would be impractical for a real person.
Example of a legit bot: Telegram's robot allows you to create polls within the messenger Photo: Paulo Alves / TechTudo
The term bot was born from the word robot (robot, in English) and classifies automated tools used on the Internet: Google, as already mentioned, and other search engines use bots that search the Internet to index (register) sites in their results. They also check the links that these sites carry, what kind of content they promote, whether they are safe or not, if they propagate piracy and so on.
A typical example of an evil bot is the so-called spam bots. This type of automated tool also scans the Internet, but always looking for e-mail addresses left on forms and other types of records. These emails are collected by the robot and then used as spam recipients. There are even bots to find sites vulnerable to attacks, social bots and even bots capable of presenting fake sites to inattentive users – spreading the famous fake news.
Bots and fake social media followers
Twitter and other social networks are the target of bots that create fake profiles Photo: Carolina Ochsendorf / TechTudo
A survey by Indiana University in the United States in 2017 stated that at least 15% of the total 330 million Twitter profiles were fake and made up of bots. These robots had the function of retweeting, tweeting and following so-called influencers, in order to increase the statistics of celebrities and even politicians. Since then, Twitter has paid more attention to the problem and eliminated millions of accounts identified as fake within the network. The same type of situation has been linked to Instagram.
Another risk associated directly with the Twitter botnet crowd was evidenced in the 2016 US elections. Country officials believe that bots programmed by Russians influenced the electoral process by increasing the number of followers to one side of the dispute, in this case, that of the candidate. Donald Trump. In addition, the bots also posted content, giving greater visibility to some subjects in favor of others and, thus, participating in the process of spreading false news and topics that could benefit one of the candidates.
The big problem, however, is the difficulty in combating bots. With each new intervention that aims to hinder the automatic profile creation by a robot, its creators modify the tool and expand its capabilities to bypass new captcha mechanisms and other security instruments.
Internet traffic full of bots
A survey produced by Imperva, a specialist in digital security, points out that at least 52% of the total Internet traffic is linked to the use of bots of all types. The survey is based on 17 billion page views concentrated on a total of 100,000 different pages. Among that amount, the study shows that 29% are malicious bots and that bots useful as search engine sniffers account for only 23% of the total.
The research points to a serious problem that is simple to understand: bots are easy to produce and their maintenance costs little because, in general, it can involve one or a few computers connected to the network all the time. This explains the spread of this type of mechanism over the Internet, especially in social networks where a large mass of robots can influence public opinion and even interfere in elections.
In addition to the related complaints influencing elections, bots can also be mobilized and applied for other types of illegal uses. A typical example is the so-called DDoS attacks, in which those responsible coordinate an enormous amount of robots to flood a given page or Internet service with accesses and requests in such a way that this site ends up going down because it is unable to support the demand.
Another type of malicious bot is called the Hacker Bot, or crawler. This type of robot roams the sites, testing each page for classic vulnerabilities. If it detects that the site is vulnerable, it issues a warning to the hacker who controls it and the criminal can act, breaking into and causing damage, such as the interception of passwords and other data.
There is also the download bot, used in cases of phishing. Even more serious, this type of robot is able to deceive inattentive and unprotected users by making them view a fake website visually identical to the original as a way of trying to obtain data, which can be passwords, logins and even bank credentials.