Should you get your own bot?
- October 17, 2019
- Posted by: Kerry Tomlinson, Archer News
- Categories: Archer News, Cyber Crime, Hacking, Posts with image
It’s not even Halloween and some companies are already advertising deals for holiday sales.
Will a bot help you land those hot toys, electronics and sneakers?
Here’s why some say it’s time for you to bot up — and why others say you should stay away.
A proud husband shows off his prize on Facebook — the coveted Kyrie Irving Nike SpongeBob SquarePants sneakers.
“Got one for wifey,” writes Michael Cuto.
He was one of the lucky ones, it seems. Many more post regrets at losing out.
“I legit stayed up waiting for them to come out. It sold out in like a minute,” laments Ella A-P.
“Put my shoes in the cart the day before,” says Maci Willeby. “At 9:01 am, I pressed ‘buy’ and they were already sold out!”
But many “winners” are not just lucky, they are automated, using bots to “cop kicks,” hot toys for the holidays, hotel reservations and event tickets.
Some bot ads claim they can snap up a popular item in 200 milliseconds, before your page even loads, less than the blink of a human eye.
Bots can buy out an entire inventory in two seconds, according to security company PerimeterX.
“The truth is — nobody really wants to say this — is that you going on to the website and fat fingering in your information will never get you to the point that you’re fast enough, than somebody that can do this via an automated way,” said Radware’s Carl Herberger at the CyberChess cybersecurity conference in Riga, Latvia this month.
Roll Your Own?
What’s a shopper to do?
“Go find a good bot,” Herberger advised.
“Do you sell bots?” we asked.
“I don’t sell bots. I sell the ability to protect yourself of bad bots. but I don’t sell good bots,” he answered. “No, but there are good bots out there that you can go buy.”
There are many bots for sale online, advertising their speed, skills and ability to avoid “pooky” or bot detection.
You can even see videos of bots in action.
Some experts, however, say you should steer clear of buyer bots.
Some bots may operate in a grey area — between laws — and may not keep up with more sophisticated bots and bot detection, said Robert Capps of NuData.
“Consumer use of bots is unlikely to net them the coveted set of sneakers they are looking for,” Capps told Archer News. “In fact, it will likely end in disappointment, and at worst may subject them to data theft and misuse, or even legal trouble.”
Bot operators often try to have servers staged strategically, so they can use their geographical proximity to reach the sites faster.
Some buyer bots stalk URLs and tweets, so they can jump on a purchase before you even know it’s for sale.
They may use third-party CAPTCHA bypassing companies to get around the not-a-bot tests.
Some schemers go even further.
Bad bots will fill up carts with items, but never buy, PerimeterX said.
They will automatically renew the carts over and over again, hoarding inventory for hours.
This drives up demand, blocks you from buying directly from the source and forces you to turn to the secondary market at a higher price.
Hoarding works especially well for holiday shopping, when parents are desperate for top toys.
Shoppers find items sold out, then turn to eBay or other markets.
Once they place their order, the hoarder bot will actually buy the item instead of just refreshing the cart.
“My interpretation of this is it’s cheating,” said Herberger. “The laws are not very clear and what is good and what is bad when it comes to bots.”
In 2016, the popular Hatchimals toys that sold for about $60 retail showed up on on eBay for as much as $2500, according to PerimeterX.
More Bot Schemes
Other schemers will hack into the site itself and illegally buy in bulk, or steal your credit card number — or your entire account — to make the deal.
With event tickets, scammers may try to sell the same ticket again and again, ripping off many people at once.
One ticket crime ring busted three years ago stole more than a million dollars and involved crooks from Oregon to New York to Russia.
For one U2 concert, a schemer bought a thousand tickets in just one minute, according to the New York Attorney General’s Office.
For some popular events, 99% of the tickets went to bots, said Distil Networks. In general, about 40% of all ticket buying is bot traffic.
Ticket Bot Battle
Ticketmaster launched a program called “Verified Fan” to help real humans buy real tickets.
The program asks people to create a Ticketmaster account and provide a real, verifiable phone number.
Ticketmaster says it uses social media and other data to figure out just how much of a fan you really are.
“We are also identifying who’s coming to the on sale to buy tickets and prioritizing them based on their fandom,” said Ticketmaster’s Ismail Elshareef at the 2018 Collision tech conference in New Orleans. “Or, what we know about them. Are they human beings? They’re not bots? Do they tend to buy tickets in the thousands and sell them off on the secondary market or not?”
Ticketmaster told Archer News, the company does work with resellers, but does not tolerate bots.
The company says it aggressively fights bots with technology, human monitoring, digital tickets and more.
And they want more punishment for bot profiteers.
Kicking the Kick Bot Habit
Does Nike fight bots, and if so, how?
Nike did not respond to our request for answers.
Reports say companies like Nike try special apps, raffles and in-person pickups to beat the automated buyers.
The most creative idea may go to a shoe store in Turkey that reportedly gives buyers one shoe to wear out, and will give them the other shoe the next day — if they see wear marks.
Laying Down the Law
The U.S. passed a law in 2016 the Better Online Ticket Sales Act, or BOTS Act, to keep bots at bay, and other countries have followed.
Lawmakers introduced another bill to fight retail bots, called the Stopping Grinch Bots Act, in November, 2018, though it has not progressed further.
The bots, however, continue.
As companies use more and more detection or “pooky,” more bot bandits may get caught.
Capps has this advice.
“Ultimately, consumers hoping to beat bots at their own game have a lot to lose, and are unlikely to gain much,” he explained. “They would be much better off using legitimate channels to make their purchases.”
But Herberger says to beat the bots, you may have to join them.
“Today we have this idea that the Internet traffic is human,” he said. “Ten years from now, people will be looking at logs and they’ll say things like, ‘I actually think this is a real human!'”
Help for Humans
If you search online, you can find guides to help you buy as a human and beat the bots.
You can also learn how to find or make your own bot.
If you run ticketing or retail services, you can also find help in protecting your services from bad bots.
But it all comes down to supply and demand, part of it artificially created by companies looking to capitalize on hype.
If you send less time chasing down hot items, demand may go down, prices may go down, and the bots may go somewhere else.
Main image: Robot at laptop. Image: iStock