Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

4/25/2018
10:30 AM
Tamer Hassan
Tamer Hassan
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
100%
0%

Why Information Integrity Attacks Pose New Security Challenges

To fight information integrity attacks like the ones recently perpetrated by bots on the FCC's website, we need to change our stance and look for the adversaries hiding in plain sight.

In December 2017, people looking through the Federal Communications Commission's net neutrality comment form witnessed a miracle — the dead returning to life.

Or that's how it looked, anyway. In reality, cybercriminals used a botnet to post what an analysis by the New York State Justice Department estimated to be over 2 million identical comments under the names and street addresses of real people. In a strange twist, frustrated users quickly took to Twitter to report that some of these names belonged to their deceased family members and friends.

Though this instance of fraud may seem like a one-off, I believe we're only seeing the beginning of this kind of threat. We're likely to see more and more efforts to obscure or influence public opinion like this in the near future, and it will become more difficult to separate the bots from real users.

A Threat to Us All
In this instance, cybercriminals are using a tactic called skewing — deploying huge botnets to flood a comments section — to, well, "skew" public opinion. The bot comments not only drowned out real users but could also have shifted the sentiment of the public conversation about net neutrality. Though the FCC says it
didn't pay much attention to the comments, the implications of the attack are more pressing than the attack itself. Identity fraud was used to influence a vote in Congress that would determine the fate of one of the most important Internet laws in our society — who knows what else these botnets could be used for?

It used to be that bots were easy to detect and stop because they behaved in ways that clearly broke the rules set by websites for users. In many cases, bots would try to inject code on the website they were invading, an action that is clearly not allowed and therefore subjects the account to banning or suspension by moderators.

The tricky thing about today's bots is that, on paper, they follow all the rules. They can register a real email address to create an account, confirm a password, and even pass CAPTCHA tests to "prove" that they're human users at a 70% success rate. At White Ops, we see that 75% of malicious bots are actually operating off of real humans' machines. They hide in the background, mimic behaviors and browsing times, and use their hosts' cookies and browsing history. That makes it an awful lot harder to identify bots, block them, and prevent them from tipping the scales of public opinion.

The only reason the fraudulent FCC comments were detected in the first place was because the botnet's operators made the mistake of impersonating deceased human users. On the whole, the botnet appears to have been fairly rudimentary, not very likely the work of sophisticated cybercriminals. Otherwise, this threat may have gone completely undetected among the form letters and authentic traffic, which raises a frightening question: how many of these attacks have already happened right under our noses?

While the damage done by cybercrimes, such as breaking into and stealing from someone's online bank account, can be disastrous, the implications of this kind of "zombie" network go far deeper. Cybercriminals most likely utilized similar botnets on both sides of the 2016 presidential election, and their effect on its results are ultimately impossible to quantify.

If left unchecked, these bots will steadily erode human users' trust in anything they see on the Web. Given how easy it is to impersonate human behaviors, how popular will the most popular stories in your feed be, really? Does the song that's topping the charts of your favorite streaming service or the latest viral video really have that many plays? Is the metric that's guiding your company's decisions based in anything real or the work of some unseen manipulator hiding in the shadows?

Make no mistake — the stakes here are high. In many ways, the Internet is ruled by algorithms and machine learning that curate what makes it to the top of the charts on a minute-by-minute basis. The ability to manipulate those rankings can have real value. It’s gaining that kind of visibility that fuels the multibillion dollar advertising industry that we know today.

In the near future, wars over public opinion could be determined by who has the most convincing bots, not the most convincing argument.

Stemming the Tide of Bot Traffic
The fraud campaign to take down net neutrality seems to be the work of amateurs, yet it still very well could have influenced a major congressional vote. Cybercriminals are installing malware on our computers and using them to do practically anything they want. We don't necessarily know what else hackers have accomplished using our names and addresses.

There's always a way to identify and stop new automated threats, no matter how large and untraceable they may seem. But it can't happen until cybersecurity professionals everywhere recognize the potential severity of this problem, not just for specific entities on the Internet, but for our ability to trust anything that we find online.

Some commentators have said the end of net neutrality heralds the death of the Internet — but ironically enough, it may be the wake-up call that inspires us to save it.

Related Content:

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the security track here. Register with Promo Code DR200 and save $200.

Prior to co-founding White Ops, Tamer Hassan was the founder and CEO of Compel Data Technologies Inc., a software development and consulting company focused on big data and business intelligence solutions. In the years prior to entering the technology sector, Tamer was a ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
4/28/2018 | 8:07:36 PM
Bot
There are good and bad use of bots obviously. This is one reason why we need to put technology in use of good,
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
4/28/2018 | 8:09:57 PM
Convincing
In the near future, wars over public opinion could be determined by who has the most convincing bots, not the most convincing argument. Ths is really true and at the same time is really scary.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
4/28/2018 | 8:13:08 PM
Bot vs. AI
If bots strated this much trouble wait and see when AI comes into the game.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/14/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Why Cybersecurity's Silence Matters to Black Lives
Tiffany Ricks, CEO, HacWare,  7/8/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13934
PUBLISHED: 2020-07-14
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.
CVE-2020-13935
PUBLISHED: 2020-07-14
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of ser...
CVE-2020-15721
PUBLISHED: 2020-07-14
RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php.
CVE-2020-7592
PUBLISHED: 2020-07-14
A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP700F Mobile Arctic ...
CVE-2020-7593
PUBLISHED: 2020-07-14
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (V1.81.01 - V1.81.03), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.01), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.02). A buffer overflow vulnerability exists in the Web Server functionality of the device. A remote unauthenticate...