By now, you’ve probably heard that a “catastrophic” botnet could attack social networks this year. At the very least, security experts say, a “plague” of botnets could infect social media networks over the next 12 months. Which begs the obvious question: What the heck is a social media botnet and why should I care?
The making of a botnet
Broadly speaking, a social media botnet is a vast collection of social media bots, all programmed to act in the same way. A Twitter bot, for example, is simply an automated Twitter account that produces very simple posts or that automatically follows new people on Twitter whenever a certain term is mentioned. Each solo Twitter bot may seem completely useless on the surface, but millions of them can be fairly effective when united into one giant network, known as a “botnet.”
For example, say that you’re trying to make a lot of money in the stock market and need to carry out a quick “pump and dump” scheme to bid up the price of a stock very quickly and then take it down just as quickly. If you’ve seen films like “Boiler Room,” you probably have an intuitive feel for how this works. In the old analog days, you’d cold call a whole bunch of people and convince them to buy, getting them to bid up the stock. Then, days later, you’d cold call a whole bunch of people and tell them the stock is worthless. In the digital era, though, you don’t need phone calls – you just need a whole bunch of “bots” waiting to make tweets about the stock at opportune times.
Or, take the example of politics. During the recent presidential election, both parties were accused of using “bots” to attack rival candidates. Any time Hillary Clinton says something, fire up the Trump bots using hashtags like #CrookedHillary! And any time Donald Trump says something, fire up the Clinton bots! To the casual observer, it would appear as if tens of thousands of people were simultaneously rising up and letting off steam on Twitter. But it was just bots spreading fake news…
Malicious uses of bots
But, wait, it gets worse. If you gather up enough bots and have them all attack a certain website at once, you could flood a web domain with traffic, knocking it offline. That’s known as a distributed denial of service (DDoS) attack, and such attacks are fairly common.
What happened this past September, though, was not common. This time around, the bots were not social media accounts – they were hardware devices, like DVRs and Wi-Fi routers and webcams, all of which were connected to the Internet. Due to security loopholes in these hardware devices, botnet operators were able to mass together millions of these devices, turning them into digital zombies connected to the Internet. In a massive DDoS attack, these bots were able to knock Twitter, Reddit, Spotify and the New York Times offline for several hours. This so-called “Mirai” attack was the worst ever experienced on the Internet.
And that’s where security experts think that we could be headed in 2017. Moreover, they’re also warning that LinkedIn could be used as a key element of these attacks in the future. Why? Well, because LinkedIn potentially gives botnet operators access to the inner workings of corporations. In August 2016, LinkedIn was hit by a major botnet attack that stole data from members.
And it goes beyond just pilfering data. Someone you meet on a social network might actually be a bot, and that bot could look for ways to send you a message via email. The only problem is, there might be a hidden piece of malware included in that email, designed to propagate throughout your entire corporation once you share it with someone else.
So, yes, you should be concerned. If you’re getting friend requests from people you don’t even remotely recognize, or if a bunch of Twitter “egg” bots start following you for no apparent reason, now you know why. You have something that they want.