The latest deployment of Russian botnets directed at American politics was truly stunning. It happened via social media. One can only hope that it will notch up the urgency for government and businesses to address the serious threat that botnets have become.
I refer to House Republicans recently spreading word about a top-secret memo that purportedly showed that Democrats were in cahoots with the FBI in the investigation of the Trump campaign on allegations of collusion with Russia and subsequent obstruction of justice. Soon after the story broke, Russian botnets unleashed what has now come to be known as the #Releasethememo campaign, which instantly became a top trending hashtag among Russian bots and trolls on Twitter. It seems like a good guess that this botnet activity was aimed at adding validity to the memo in question by intimating a cover-up.
The most alarming aspect of this botnet activity is how good it is. It really does look legitimate to the untrained, and even semi-trained, eye. We now know Russian botnets fueled wildly conflicting polling results during the 2016 presidential race, and fabricated 6.1 million Twitter followers for then-candidate Donald Trump, but it's starting to look like that was just a test run.
This scale of these operations is made possible by botnets, the engines of cybercrime. A "bot'" is a computing device poised to receive and carry out instructions from a controller. A botnet is a collection of thousands of bots reporting to a single controller.
Botnets distribute email spam and phishing attacks, probe websites for weaknesses and carry out distributed denial of service (DDoS) attacks. And, increasingly, they're becoming a lever in high-stakes political discourse.
Botnets are well-suited to creating and maintaining myriad Twitter accounts, and using social engineering tactics to assemble vast followings. "Once these seed accounts are well established, the initial propaganda tweets can rapidly gain significant exposure," says Andrew Jones, senior sales engineer at Shape Security. "This adds legitimacy later when bots begin to subsidize any human sponsored retweets or posts related to the propaganda to attract further attention."
Rising presence and threat
Their use in propaganda campaigns underscores how pernicious botnets can be. And this trend is on the rise. The Spamhaus Project, a nonprofit that tracks cyber threats, counted a 32% increase in active botnet controllers in 2017. Significantly, many of these controllers leveraged virtual instances of computers spun up in the cloud—computing power made available by Amazon, Google, Microsoft and other cloud services providers.
SpamHaus also found that botnets comprised of Internet of Things (IoT) devices more than doubled to 943 in 2017, up from 393 in 2016. This is particularly bad news that points to the establishment of much larger and more powerful botnets made up of infected home routers, web cams, smart TVs and the like.
Despite the nature of the threat posed by botnets, the issue is still an abstraction for most consumers and businesses. That's understandable given the complex digital age we live in. But until public awareness is raised considerably, the impetus to do something substantive isn't likely to get much traction. One way to do this is to point at the messenger (i.e., the propaganda machine). What is now pointed at political issues can be easily directed at a competitor in business.
If there is any good news, it is that organizations like the National Institute of Standards and Technology and the National Council of Information Sharing and Analysis Centershave been methodically striving to address the networking flaws exploited by botnets. And just this month, the National Telecommunications and Information Administration issued a report specifically addressing botnets.
NTIA is calling upon other federal agencies to seek out partnerships with private industry to implement six "principal themes" and five "complementary and supportive goals" designed to mitigate botnet threats.
Focus on the problem
Meanwhile, innovative cyber defense technologies are getting more widely leveraged every day. Shape Security, Spamhaus and many other vendors are growing by helping companies proactively detect and deflect botnet traffic.
"Companies can challenge the bot to prove that it is a human, using various puzzles, and machine learning to determine if it is a real user," says Rami Essaid, chief product and strategy officer at Distil Networks, another of these vendors. "All of this should happen in real-time before the bot gains access to the site."
Someday, botnets could be ushered into obsolescence by networks designed to repel them. We're a long way from that day. The social media platforms need to step up to the plate, and it may be necessary for Congress to add teeth to best practices protocols.
In the meantime, companies of all sizes should become well-acquainted with botnets, quantify how botnets may be hurting them, and do what's necessary to proactively vet botnet traffic.
"There are tools and services available now that can accomplish that differentiation," says Shape Security's Jones. "All we need to do is make sure they're deployed." The first step is realizing the potential vulnerability.