New Haven Register (Sunday) (New Haven, CT)
‘Our measure aims to stop cyber Grinches’
Bots are buying up PS5s, Taylor Swift tickets and more. Sen. Richard Blumenthal is looking to stop them
Have you ever been shopping online for something notable but limited in availability? You set an alert, log in, and hurriedly enter your information into the online form only to find that your Taylor Swift tickets, PlayStation 5 or collectible sneakers sold out in seconds.
You probably got beat by the Grinch bots.
A growing number of bots, sometimes known as “Grinch bots,” are likely working to snap up the items most in demand, only to be resold later for much more money.
In recent weeks, Sen. Richard Blumenthal, along with four other Democratic senators, has introduced legislation to fight back against Grinch bots.
“Our measure aims to stop cyber Grinches from stealing the holidays,” said Blumenthal in a recent press release. “New tools are necessary to block these online grifters from buying up popular toys to resell them to parents at exorbitant prices.”
This is just the latest legislative effort against Grinch bots, going back to at least 2017.
Grinch bots are a kind of botnet used by scalpers and resellers. A botnet is a distributed network of internet-connected devices that either have been infected with malware or are running software that allows a central user to direct the activity of the network.
“Bots are just software that are written to automate, and expedite, some repetitive action that a human won’t have to do,” said Lynn Marks, senior product manager at Imperva, an internet security company. Marks explained that about 50 percent of web traffic came from bot activity. Lots of bots are totally benign, archiving and indexing the internet. But a large and growing percentage of this automated traffic comes from “bad bots” and botnets.
Botnets are used by hackers in “distributed denial of service attacks” to overwhelm websites, to send spam, steal data through spyware and mine cryptocurrency. Some have been implicated in ransomware attacks.
“It’s kind of like an arms race or a cat and mouse game,” said Marks. “If there’s enough return on investment for the attackers they are going to improve their bots to make them seem more human, which means they are more likely to evade detection.”
Grinch bots buy high-value items like tickets, collector’s editions, graphics cards and the “hot toy” for Christmas so that they can be resold by scalpers or resellers. They tend to spike in activity this time of year, according to Imperva.
“There’s a limited inventory and an extremely high demand,” said Marks. “And they believe there’s a guarantee that they’ll be able to sell it for a higher price.”
Marks said that millions of bots could, potentially, be trying to get their orders in ahead of the queue of humans on e-commerce platforms. While everyday shopping tends not to be targeted, for limited-inventory items this can quickly become a problem.
“Around 83 percent of all traffic last year going to entertainment sites came from automation,” said Marks, referring to ticket sales. “For customers trying to get those limited tickets edition things it’s going to become more and more difficult.”
Marks said that some consumers had turned to renting time on botnets to try to increase their odds of getting through, enlisting an army of robot shoppers to ensure access. But for everyone else, Marks said that she hoped people would keep pushing legislators to put more consumer protections in place.
“Just having a law in place isn’t going to be able to stop an attack like this from happening,” said Marks. “Having more tools to go and enforce them, we’re going to charge you if you’re doing malicious activities? I think that’s definitely going in the right direction.”