Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

10:30 AM
Tamer Hassan
Tamer Hassan
Connect Directly
E-Mail vvv

Why Information Integrity Attacks Pose New Security Challenges

To fight information integrity attacks like the ones recently perpetrated by bots on the FCC's website, we need to change our stance and look for the adversaries hiding in plain sight.

In December 2017, people looking through the Federal Communications Commission's net neutrality comment form witnessed a miracle — the dead returning to life.

Or that's how it looked, anyway. In reality, cybercriminals used a botnet to post what an analysis by the New York State Justice Department estimated to be over 2 million identical comments under the names and street addresses of real people. In a strange twist, frustrated users quickly took to Twitter to report that some of these names belonged to their deceased family members and friends.

Though this instance of fraud may seem like a one-off, I believe we're only seeing the beginning of this kind of threat. We're likely to see more and more efforts to obscure or influence public opinion like this in the near future, and it will become more difficult to separate the bots from real users.

A Threat to Us All
In this instance, cybercriminals are using a tactic called skewing — deploying huge botnets to flood a comments section — to, well, "skew" public opinion. The bot comments not only drowned out real users but could also have shifted the sentiment of the public conversation about net neutrality. Though the FCC says it
didn't pay much attention to the comments, the implications of the attack are more pressing than the attack itself. Identity fraud was used to influence a vote in Congress that would determine the fate of one of the most important Internet laws in our society — who knows what else these botnets could be used for?

It used to be that bots were easy to detect and stop because they behaved in ways that clearly broke the rules set by websites for users. In many cases, bots would try to inject code on the website they were invading, an action that is clearly not allowed and therefore subjects the account to banning or suspension by moderators.

The tricky thing about today's bots is that, on paper, they follow all the rules. They can register a real email address to create an account, confirm a password, and even pass CAPTCHA tests to "prove" that they're human users at a 70% success rate. At White Ops, we see that 75% of malicious bots are actually operating off of real humans' machines. They hide in the background, mimic behaviors and browsing times, and use their hosts' cookies and browsing history. That makes it an awful lot harder to identify bots, block them, and prevent them from tipping the scales of public opinion.

The only reason the fraudulent FCC comments were detected in the first place was because the botnet's operators made the mistake of impersonating deceased human users. On the whole, the botnet appears to have been fairly rudimentary, not very likely the work of sophisticated cybercriminals. Otherwise, this threat may have gone completely undetected among the form letters and authentic traffic, which raises a frightening question: how many of these attacks have already happened right under our noses?

While the damage done by cybercrimes, such as breaking into and stealing from someone's online bank account, can be disastrous, the implications of this kind of "zombie" network go far deeper. Cybercriminals most likely utilized similar botnets on both sides of the 2016 presidential election, and their effect on its results are ultimately impossible to quantify.

If left unchecked, these bots will steadily erode human users' trust in anything they see on the Web. Given how easy it is to impersonate human behaviors, how popular will the most popular stories in your feed be, really? Does the song that's topping the charts of your favorite streaming service or the latest viral video really have that many plays? Is the metric that's guiding your company's decisions based in anything real or the work of some unseen manipulator hiding in the shadows?

Make no mistake — the stakes here are high. In many ways, the Internet is ruled by algorithms and machine learning that curate what makes it to the top of the charts on a minute-by-minute basis. The ability to manipulate those rankings can have real value. It’s gaining that kind of visibility that fuels the multibillion dollar advertising industry that we know today.

In the near future, wars over public opinion could be determined by who has the most convincing bots, not the most convincing argument.

Stemming the Tide of Bot Traffic
The fraud campaign to take down net neutrality seems to be the work of amateurs, yet it still very well could have influenced a major congressional vote. Cybercriminals are installing malware on our computers and using them to do practically anything they want. We don't necessarily know what else hackers have accomplished using our names and addresses.

There's always a way to identify and stop new automated threats, no matter how large and untraceable they may seem. But it can't happen until cybersecurity professionals everywhere recognize the potential severity of this problem, not just for specific entities on the Internet, but for our ability to trust anything that we find online.

Some commentators have said the end of net neutrality heralds the death of the Internet — but ironically enough, it may be the wake-up call that inspires us to save it.

Related Content:

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the security track here. Register with Promo Code DR200 and save $200.

Prior to co-founding White Ops, Tamer Hassan was the founder and CEO of Compel Data Technologies Inc., a software development and consulting company focused on big data and business intelligence solutions. In the years prior to entering the technology sector, Tamer was a ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
4/28/2018 | 8:13:08 PM
Bot vs. AI
If bots strated this much trouble wait and see when AI comes into the game.
User Rank: Ninja
4/28/2018 | 8:09:57 PM
In the near future, wars over public opinion could be determined by who has the most convincing bots, not the most convincing argument. Ths is really true and at the same time is really scary.
User Rank: Ninja
4/28/2018 | 8:07:36 PM
There are good and bad use of bots obviously. This is one reason why we need to put technology in use of good,
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
IoT Vulnerability Disclosure Platform Launched
Dark Reading Staff 10/19/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-10-22
Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not pa...
PUBLISHED: 2020-10-22
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
PUBLISHED: 2020-10-22
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
PUBLISHED: 2020-10-22
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.
PUBLISHED: 2020-10-22
An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique.