Wednesday, August 12, 2009

BOTS on ORKUT

Yeah, it is true. The BOTS haven't spared Orkut. If you are a frequent user of this Social Networking Site, the fact that Orkut has recently enhanced its security measures might not have escaped your notice. It now asks you for Captcha when you enter any URL in our status message or as part of a scrap. At the same time, if you send an alarming number of Friend Requests in a short span of time, you are asked again for Captcha, for each subsequent Request you send. For those unaware of the terminology, CAPTCHA is the technical term to describe the test where in you are shown an image, consisting of alphabets and numbers (often distorted so as to not look like the ones typed in the usual fonts) and asked to type the same in a text box. Well, Captcha was introduced so as to make sure that the user was actually a real person and not some software program; it was argued that a software program could not identify the characters from an image. As secure as it might sound, it is a fact that programmers/hackers around the world have outsmarted the captcha developers; and the sad truth is, the hackers have been aided by the developers themselves.

Well, I had suspected long ago that there was something fishy about Orkut's sudden interest in its security. However, it was only recently that I found traces of BOT activity in my Network, and began to delve into the subject further. To begin with I received friend requests from people who were already in my friend list. Evidently, their account was being cloned. Then again, I have received a lot of Friend Requests recently from unknown people, all of them with the same message.


Take a minute to notice the short message with the request.
Besides, you get those advertising scraps all the time; it is more often than not BOT activity.


What are BOTS?


Internet bots, are software applications that run automated tasks over the Internet. Typically, bots perform tasks that are both simple and structurally repetitive, at a much higher rate than would be possible for a human alone. If you have chatted on Yahoo, you are sure to have encountered a BOT sometime. Chatting bots can chat. Needless to say these BOTS have a limited vocabulary; they have a fixed set of responses that they send other users. It is pretty easy to tell apart a BOT from a human user merely by interacting with it for 2 minutes; it is bound to make irrelevant comments at some point.

What can BOTS do?
BOTS can be used for commercial purposes, advertising.
BOTS can be for spamming.
BOTS can be used to coordinate and execute an automated attack on networked computers, such as a denial of service attack.
BOTS can be used to bring down a Website's responsiveness by sucking bandwidth by downloading entire web sites and sending automated requests.

There are other capabilities of BOTS but I'd appreciate if you look those up on wiki.


Why Orkut?

Orkut.com is a social networking website owned by the industry giant GOOGLE.This means orkut is very big and anyone can take advantage of its millions of users to sell his products and services.

But it is not as harmless as it sounds. Needless to say, your privacy can be invaded by BOTS if they have access to your profile page, your scraps and your images. I've heard of instances where hackers with malicious intentions have grabbed such information about a user and opened bank accounts/ applied for duplicate social security cards with the victims' identites and done similar stuff, cheating them of their resources and often commiting crimes pretending to be the vicim. It can get bad!

BOTS can also be use to install virus or other spyware on your system which can in turn be used to eavesdrop on you and do stuff that you wouldn't want.


How do BOTS get past CAPTCHA?

I've hinted at the answer to this question above. I found this statement on http://jetbots.com, a software company which specializes in programming BOTS and selling them:

*CAPTCHA Bypasser
We have just teamed up with a third-party CAPTCHA service and integrated their service in all of our bots (optional). You need to buy credits from a 3rd Party website, imagetotext.com and just type your user/pass in our software (if you want the software to bypass the CAPTCHAs) and everything is automatic from there - Just like you type the CAPTCHAs manually, the software will bypass the CAPTCHAs. We have added this service in our bots because we know that CAPTCHAs' sucks :-) And on request of lots of our loyal customers, just like YOU :) Thank you.


It comes as no surprise.The Great Wall of China was so designed that it could not be breached. But it was breached only because the guard was bribed.


What can you do?

BOTS will be there; there's nothing we users can do about it. Only the website developers can do anything in this regard. We can only exercise caution when we accept friend requests from people we don't know. We must not put confidential content about ourselves that can be used to clone us. We must not click on links we don't trust. What else?

2 comments: