The social botnet business model
The economics also favor the botnet operators. Many cyber thieves use "zombie" PCs, systems infected with malware that turns them into free processors for the botnets; key loggers and data stealers are common uses of such "zombie" PCs today. Botnet operators could use them for powering the social bots and the botmasters, so the only significant costs are in creating the social bots in the first place.
Of course, botnet operators need enough reach to pay back their investments and make the efforts worth their while. And the cost of massively scaling the botnet -- the programming is much more sophisticated, and the costs of avoiding detection grow as well -- means there's a natural limit to how wide such infiltrations may go. The UBC researchers calculate a social botnet needs just 1,000 or so human friends to be profitable, if data theft is the business model.
That limit could be extended if botnet operators could get each social bot to befriend far more people than ordinarily possible, such as by cycling through friends as it harvests private data: the bot would maintain an ideal-size roster, the average number of friends, at any one point but change the group over time (unlike human networks, which tend to keep the same people for years). Think of it as social climbing for social bots.
Selling Facebook friends would pull in a heftier take than data theft, the researchers found, offering another revenue stream -- or even business model.
Facebook has acknowledged that its service has tens of millions of fake accounts. Other services such as Twitter and comment sections of websites also have hefty numbers of fake accounts used by spammers and phishers. Just imagine how those numbers could grow once social bots become more than a university experiment -- and how much more effective they could be at fooling us all.