I like to think I am somewhat savvy when it comes to technological matters. After all, at a previous stop in my career, I was the editor in chief of a trade publication covering system technology for the banking industry.
But technology in all forms advances at such a rapid rate that it is folly to believe one is ever truly up to date with it. This point was brought home to me recently when I read a study on bots recently published by Distil Networks, a leader in bot mitigation that protects websites, mobile apps and APIs from automated threats.
For those unfamiliar with the technology, in its simplest form, a bot is an autonomous program on a network, such as the Internet, that can interact with computer systems or users. As with almost anything, there are both “good” and “bad” bots populating the web. According to Distil, good bots ensure that online businesses and their products can be found by prospective customers. Examples include search engine crawlers such as GoogleBot and Bingbot that, through their indexing, help people match their queries with the most relevant sets of websites. Meanwhile, bad bots scrape data from sites without permission in order to reuse it (e.g., pricing, inventory levels) and gain a competitive edge.
The problem is that bad bots are becoming ever more sophisticated, and are now used by competitors, hackers and fraudsters—the key culprits behind account takeovers or hijacking, web scraping, brute-force attacks, competitive data mining, transaction fraud, data theft, spam, digital ad fraud and downtime.
Key finding in Distil’s 2019 Bad Bot Report include:
- 73.6 percent of bad bots are classified as Advanced Persistent Bots (APBs), which are characterized by their ability to cycle through random IP addresses, enter through anonymous proxies, change their identities and mimic human behavior.
- Nearly 50 percent (49.9 percent) of bad bots report their user agent as Chrome. Mobile browsers, such as Safari Mobile, Android and Opera increased from 10.4 percent last year to 13.9 percent.
- Amazon is the leading ISP for originating bad bot traffic. In 2018, 18 percent of bad bot traffic originated from Amazon compared with 10.62 percent the previous year.
“Bot operators and bot defenders are playing an incessant game of cat and mouse, and techniques used today, such as mimicking mouse movements, are more human-like than ever before,” said Tiffany Olson Kleemann, CEO of Distil Networks, in a press release announcing the study. “As sophistication strengthens, so too does the breadth of industries impacted by bad bots. While bot activity on industries like airlines and ticketing are well-documented, no organization—large or small, public or private—is immune. When critical online activity, like voter registration, can be compromised as a result of bad bot activity, it no longer becomes a challenge to tackle tomorrow. Now is the time to understand what bots are capable of and now is the time to act.”
How does this impact casinos you may ask? Well, one of the most common targets for bots is, wait for it, gambling and gaming companies, which suffer from 25.9 percent of bad bot traffic, primarily from aggregators relentlessly scraping for ever-changing betting lines. Account takeovers are also a major problem because each account contains money or loyalty points that, once compromised, can easily be transferred to another user and emptied. In addition, the bad bots used by criminals to infiltrate gaming networks are among the most advanced available; according to Distil, almost 80 percent of the bad bot traffic in gaming originates from either moderate or sophisticated bot programs.
Suddenly I think the worry about possible robot domination is not as farfetched as it once seemed…