Cybersecurity Saturday: Defense against Grinch bots
Have you ever clicked on a retail website and been prompted to verify that you were a human? After you verified that you were a human, were you then asked to click on all the boxes showing traffic lights, a crosswalk, or cars? If you answered yes to either question, you have taken a reCAPTCHA test. CAPTCHA is an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart”. The “re” prefix at the beginning of the acronym represents the revised Google version of this test.
CAPTCHA is used to defend against automated bots, software that is often used to acquire online items. If online stores don’t have a defense against bots, the bots can decimate inventory before retail customers can make purchases. Grinch bots, automated bots that are designed to acquire high-demand items for resale on alternative websites, have increased due to the COVID-19 pandemic and the supply chain crisis. For example, one consumer stated that $950 was the lowest price seen online for a PlayStation 5 gaming console that usually retails for $500.
Defending against automated bots and Grinch bots is a constant challenge for online retail businesses. To combat the bots, on November 29, 2021, Representative Paul Tonko (D-NY), Senator Richard Blumenthal (D-CT), Senate Majority Leader Charles E. Schumer (D-NY) and Senator Ben Ray Luján (D-NM) introduced the Stopping Grinch Bots Act in Congress.
The Stopping Grinch Bots Act would:
1. Prohibit manipulative technical practices that allow bad actors to use bots to circumvent control measures designed to protect real consumers;
2. Make it illegal under the Federal Trade Commission Act to knowingly circumvent a security measure, access control system, or other technological control or measure on an Internet website or online service to maintain the integrity of posted online purchasing order rules for products or services, including toys and other retail products; and further make it illegal to sell or offer to sell any product or service obtained in this manner; and
3. Allow the Federal Trade Commission and state Attorneys General to treat these abusive workarounds as prohibited unfair or deceptive acts or practices, and take legal action against the bad actors.
The list below provides other suggestions for online businesses to defend against automated bots.
1. Stay abreast of bot trends.
2. Invest in a bot management system.
3. Check online content, products, and services quarterly for vulnerabilities.