The Internet has been described in many different ways over the years. We don’t use the term “information superhighway” much anymore, but a recent report may make you reconsider where and how you cruise around on it, regardless. That’s because a quarter of the cars on this road with you, dear reader, are being driven by mindless bandits looking to steal anything they can. Now, imagine traveling a road like that in the real world. No thanks, I’d rather walk.
Last year was the first time in history that bots outnumbered people on the web. According to research from Distil Networks, almost 60% of 2014’s web traffic consisted of automated bits of code, 23% of which exist to do dirty work for fraudsters and hackers. “It’s getting worse,” says Rami Essaid, Distil’s CEO. “Over the past ten years, they went from just kind of being out there and easy to detect to being really, really sophisticated.”
Computer programs that have been coded to either automate a task or pretend to be a person, bots have probably been on the Internet longer than you have. They can be either good or bad. For instance, Facebook uses bots to grab the headline, first paragraph, and image from a story when you share it on your news feed. Meanwhile, Google uses bots to crawl and catalog the web so when you run a search, the site can deliver appropriate results.
But hackers also use bots for all sorts of nefarious reasons, from lifting credit card numbers from an online store to scraping the text off an article and posting it on some random blog. (The nerve!) In fact, digital publishers get hit hardest by bad bots, with almost one-third of the traffic crawling on sites like this being malicious programs. (Sorry about that.) Travel sites, online stores, and real estate pages also abound with compu-critters.
Surprisingly, smaller websites are more vulnerable to bots than larger ones. Hackers target them more often in order to get usernames, passwords, and other credentials because these sites are less secure.”They don’t really care about actually stealing the money from small businesses,” says Essaid. “They care about stealing the information, because at the end of the day, people use the same usernames and passwords all over the place.”
While websites large and small should do more to battle bad bots, Distil’s report tosses blame at some surprising sources — like Amazon, China, and T-Mobile. Bad bots make up 78% of the traffic put out by Amazon, whose simple-to-setup cloud services power much of the web. “They’ve also made it real easy for bad guys to spin up servers, create bots, and do all sorts of bad things — and they don’t police it,” says Essaid.
Meanwhile, T-Mobile, China Mobile, China Telecom, and China Unicom are being overrun by bad bots on the mobile web. This is a huge problem because there isn’t yet a lot of virus protection for mobile Internet devices, and last year there were more mobile than desktop web users for the first time in history. As a result, hackers are racing to exploit smartphones and tablets. In 2013, less than a percentage point of mobile traffic was bad bots. In 2014, that figure skyrocketed to between 6-8%. That’s a scary number because there are many more mobile devices than there are computers, so a vast majority of handhelds haven’t encountered a bot — yet.
“It’s like an unharvested field of potential bots and the bad guys are now moving towards harvesting,” says Essaid.
So until the Internet cleans up its own act, bot-dodging users like you and I will need to take an “every man for himself” approach. For mobile users, that means not jailbreaking devices, making sure to research apps before you install them and closing programs that you’re not running. On the desktop, it means never using the same username and password combination twice, only entering your credit card information on secure sites, keeping your software (including browser plugins) up to date, and actually installing virus software. “You might be a zombie bot that’s ending up hurting somebody else,” says Essaid.
Zombies? Bots? Things were a lot better back when the Internet was overflowing with cats.