avatarJames Marinero, MSc, MBA

Summary

The article discusses the nature and impact of bot farms, their use in spreading misinformation, influencing politics, and engaging in cyberattacks, as well as the efforts to combat them.

Abstract

The content delves into the dual nature of bot farms, which can serve both beneficial and malicious purposes. It highlights a recent case where Ukrainian cybersecurity forces captured a bot farm with 150,000 SIM cards, illustrating the scale of such operations. The article distinguishes between bot farms and click farms, noting that bot farms are often used for nefarious activities such as manipulating social media, influencing elections, and conducting ADDoS attacks. It also touches on the challenges faced by platforms like Twitter in verifying real users amid concerns of inflated bot activity. The piece further explores the methods used by bot farm operators to circumvent security measures, including the use of AI and SIM cards, and the ongoing efforts by security services to detect and dismantle these operations.

Opinions

  • The author suggests that the impact of bot farms extends beyond digital spaces, influencing real-world events such as elections and wars.
  • There is a clear concern about the ease with which bot farms can be established, especially with the advent of AI, which can automate the creation of bot accounts.
  • The article implies that the fight against bot farms is complex and requires significant resources, collaboration between platforms and experts, and potentially stricter regulations.
  • The author expresses skepticism about the effectiveness of current security measures like captcha systems, given the advancements in AI that can solve them.
  • There is an underlying worry about the potential future need for bio-data to access social networks, reflecting the author's reservations about privacy and data security.
  • The piece concludes with a personal note from the author, emphasizing the importance of verifying information and the value of supporting writers and content creators.

Infowars

What Does a Bot Farm Look Like?

These cyber farms have been hugely active in war and politics

Cyber Police bot farm searches (Ukraine’s Cyber Police)

Ukraine cyber-security forces recently captured a ‘bot farm’ and 150,000 sim cards but what’s the background and what does this cyber-agricultural unit look like?

Some bot farms serve constructive functions, such as automating customer service responses or gathering data. I recently had a long and ultimately successful interaction with a bot while trying solve a problem with my bank account — the bot gave up and called a human!

However, other bot farms engage in deceptive practices, such as spreading misinformation, manipulating social media interactions, and participating in fraudulent activities.

Bot farms do not necessarily need cellphones to operate, but if the aim is to operate on leading social media platforms (as opposed to email scams and website interference), then cellphones or, essentially, sim cards are usually necessary for account validation.

Bot farm or click farm?

A click farm is where people gather and interact over a website through which they collect “clicks” to help a client’s product, service, or website reach a larger audience.

Website owners may hire people to do the task remotely using PTC (paid-to-click) sites or create a bot farm account to complete the job for a natural person. This whole activity is carried out behind closed doors.

So, a bot farm and a click farm are not different. Bot farms are a type of click farm as both generate fake clicks leading to ad fraud and click fraud. Or worse.

But if somebody wants massive scaling, then hiring people (PTC) is not efficient to scale and it has weak security (people=leaks).

It has been estimated that as much as 50% of worldwide web traffic was bot-generated in 2014. By 2022, that figure was down to 53%, with 17% of ‘good bot’ and 30% ‘bad-bot’ on top of that (statista.com).

Bot farm usage: the dark side

The black side of bot farms is realised through the creation of artificial influence and the amplification of specific agendas.

These agendas can be relatively innocuous but when it comes to interference in elections, geopolitical influence or actual war such as Russia’s attack on the very existence of Ukraine, then the effects can be profound and result in the deaths of people.

Social media platforms

With their vast user bases and potential for viral content, social media platforms such as Twitter, Facebook, YouTube, Instagram and TikTok have become prime targets for bot farm operators, as well as messaging apps such as WhatsApp and FaceTime.

The bot farmers may use bots to inflate the number of followers, likes, and shares on particular accounts, creating a false appearance of popularity. This manipulation can sway public opinion, influence political discourse, and even affect financial markets.

One of the most memorable cases of the dark side was the social media influence of bots in the election of Donald Trump in 2016. Putin’s ex-chef and former ally Yevgeny Prigozhin admitted running a bot (troll) farm operation in St Petersburg (Russia, not Florida) and interfering in the election process. It was called ‘Internet Research Agency’.

Misinformation

Bot farms are notorious for disseminating misinformation on a large scale. By creating a network of bots that push false narratives and amplify conspiracy theories, malicious actors can sow confusion and discord among online communities. This poses a significant challenge for platforms striving to maintain trust and authenticity. There is an ongoing battle to filter out bot activity.

Elon Musk stuttered in his $44Billion acquisition of Twitter because he became concerned that the actual number of ‘real users’ was much less than the company claimed, with numbers inflated by bots.

On Tuesday [ed: 16 May2023], Musk said his deal to buy Twitter can’t move forward unless it provides public proof that less than 5% of its accounts are fake or spam, as the company reported in a May 2 regulatory filing. — cbsnews

ADDoS (advanced distributed denial of service)

Bot farms can also be used for ADDoS (advanced distributed denial of service) attacks.

Large scale protection systems such as Cloudflare can be defeated by bot farms using a number of methods including DNS amplification, HTTP amplification, by bypassing rate limits and exploiting firewall bypasses.

Also, attackers might leverage Cloudflare’s reverse proxy service to hide the real IP addresses of the attacking machines. By doing so, they make it harder for defenders to trace the source of the attack and block it effectively.

If you want to know more, then Cloudflare explains in a little more depth here.

Use of bot farms in this way does not require sim cards or cell phones.

Sim card usage in creating bot accounts

Traditionally, creating bot accounts on websites and social media platforms required individual effort to set up multiple email addresses and register accounts manually. This can be automated relatively easily using simple software which is easy to build and deploy.

You can do it yourself — just ask an AI system to write the code for you, although you will have to be clever in the way you construct your AI prompts to get around the AI’s ‘safety net’.

Cellphones have complicated this process. With cellphone verification becoming a standard security measure for many online services, bot farm operators had to adapt their operations to work with this verification system. It’s a relatively simple matter to leave out the actual cell phone and ‘rack’ the sim cards as in the headline picture.

By using a large number of sim cards bot farm operators can create accounts en masse. They simulate genuine user behavior, deceiving platforms that rely on phone verification to differentiate between human users and bots.

Consequently, detecting and mitigating bot farms has become more challenging for platform administrators and this has been made even more tricky to police since the explosion of AI applications which came to public attention in late 2022.

Without sim cards

As internet security measures have evolved, bot farm operators are quick to find loopholes. To bypass phone verification, some criminals (and state actors) have developed sophisticated software to automate the creation of bot accounts without the need for cellphones and sim cards. These AI-driven software solutions emulate human-like interactions and defeat security measures designed to prevent mass account creation.

These tools exploit vulnerabilities in captcha systems, IP masking, and other verification processes.

Two-factor authorisation was a step forward, but can now be easily defeated.

Combating Bot Farms

The battle against bot farms is an ongoing and complex struggle.

From 2022:

Ukraine has traced a Russian propaganda operation to a bot farm that was secretly operating in the country’s own capital of Kyiv.

The bot farm was using 5,000 SIM cards and 200 proxy servers to spread the propaganda online, according to the Security Service of Ukraine (SSU)

The farm operated more than 1 million bot accounts, which helped the propaganda operation build an audience of over 400,000 users on social media, according to the Security Service of Ukraine (SSU). On Tuesday, the SSU announced it had dismantled the bot farm, which belonged to an unnamed Russian citizen in Kyiv who positioned himself as a “political expert.” — PCMag, August 4, 2022

Ukraine bot farm. Credit: Ukraine Security Service

This was just one of several successful raids in Ukraine in 2022. But it’s happening worldwide. Russia and China are big in this, with secret state backing for groups such as Cozy Bear in Russia and Storm-558 in China.

And let’s not kid ourselves that the ‘West’ is clean on this.

Social media platforms and online service providers invest significant resources in developing AI-powered tools to detect and remove suspicious accounts. This is an expensive process, even using AI. These platforms rely on user behavior analysis, anomaly detection, and pattern recognition to identify and shut down bot accounts systematically.

Collaborative efforts between platforms, cybersecurity experts, and policymakers are essential to combat the threats posed by bot farms effectively. Stricter regulations and increased transparency can also play a part in reducing the incentives for malicious bot farm operators.

Scale could be a problem for bot farmers and I’m speculating that by careful automated data analysis of tech purchasing patterns then security services (at least in Ukraine) could identify bad actors even when network data analysis is masked.

The methods by which security services crack the systems and physically locate the farms are not usually disclosed.

Recent Ukrainian success

In the raid of July 2023, cyber police and units of the Ukrainian National Police carried out 21 search operations in Vinnytsia, Zaporizhzhia, and Lvivand.

The bots were used to push Russian propaganda justifying Russia’s war in Ukraine, to disseminate illegal content and personal information, and in various other fraudulent activities.

They seized computer equipment, mobile phones, over 250 GSM gateways, and roughly 150,000 SIM cards of multiple mobile operators. — bleepingcomputer.com

Conclusion

The war is ongoing, but strangely, when I recently opened a Mastodon account, the process was relatively straightforward and did not require cellphone verification, just email.

I was surprised, but I guess that newer platforms don’t want to make it too difficult for new users to join up.

The use of captcha systems added a layer of complexity but with the advent of AI for pattern recognition and solving simple arithmetic puzzles the effective use of captcha has, I think, had its day.

I’ve already had a problem with Facebook and had to upload a passport image to regain access to my account. I’m concerned that the time will come when we’ll have to provide bio-data to join a social network.

But no bio-data for me. I’ve had enough of new platforms, and I will definitely not be ‘Threading’.

And I’m reading my existing social media feeds with care.

If you have doubts about your own online security, then there is some advice here at PCMag (no affiliation).

More context:

If you follow me I guarantee variety in your inbox with some unusual perspectives! I write on a wide range of topics that interest me including humour, tech, space, geopolitics and travel. I also write about…

…agriculture

If you appreciate stories like these and want to support me and other writers, please consider signing up to become a Medium member. It’s only $5 a month, giving you unlimited access to incredible stories on Medium. If you sign up using my link, I’ll earn a small commission at no extra cost to you.

Or maybe just buy me a coffee? and tell me what you liked reading (or not)…

My novels are available at my Gumroad bookstore. Also at Amazon and Apple

Author’s note: The concept, structure, style and creative content in this story are all my own and I hope that is obvious to a reader. I do not employ third party writers. However, I do occasionally use an AI assistant to research and present small sections of factual content and data. All facts are checked where possible and sources quoted.

Social Media
Cyberattack
Infowars
Ukraine War
Bots
Recommended from ReadMedium
avatarAlberto Romero
DeepSeek Is Chinese But Its AI Models Are From Another Planet

OpenAI and the US are in deep trouble

13 min read
avatarNadin Brzezinski
The Dismantling of the United States

Every strong man that comes into power knows they have a short time to consolidate power. We are on week two of this administration, and…

7 min read
avatarTanguy Besson - Journalist
North Korea Pays a Brutal Cost by Supporting Russia in Ukraine

How NK Troops Endure Extreme Losses and Tactics in the Fight for Russia

8 min read
avatarDylan Combellick
Ukraine Update January 29

2025 — Girkin Gabs, Economics, Border Disputes, Front Line

13 min read
avatarJim Clyde Monge
How To Install And Use DeepSeek R-1 In Your Local PC

Here’s a step-by-step guide on how you can run DeepSeek R-1 on your local machine even without internet connection.

7 min read
avatarShankar Narayan
Russian Oil Hits the Wall

India and China stop new orders

4 min read