How to Stop Bots from Exploiting Social Media Sites

Thad Dupper

CEO Secure64

As I read the daily news about how “bad actors” have abused and exploited social media sites, flooding them with fake posts, I think back to a line from the classic movie Rudy. Leading up to the last game of the season, Coach Dan Devine (Chelcie Ross) famously says to his team, “Remember, no one, and I mean no one, comes into our house and pushes us around.”

I would hope some version of that sentiment is being repeated at companies like Facebook, Twitter and Google, as the veracity of their sites has come into question now that bots have attacked them with a high volume of fake posts.

As these companies look to implement defenses against these exploits, there is a role for the Domain Name System (DNS) to play.

As anyone who is reading this post knows, DNS is the system that the Internet uses to resolve and translate domain names into IP addresses. So critical is this function that strong defenses have been developed to protect the DNS from a wide range of very sophisticated attacks.  It has been correctly said, “The network is only as secure as the DNS.”

Drawing on our work at Secure64, I would suggest DNS protections can be used to defend social media sites from malicious posts and attacks. Clearly, the overall solution will include protections to defeat the multitude of attack vectors, but in this discussion, I will limit my comments to how DNS can assist in this endeavor.

First, let’s look at a simple denial of service (DOS) attack and how DNS deals with it. In this scenario, a single IP address floods (attacks) the server(s) for the target domain, e.g., amazon.com, with a high volume of spurious requests.  The goal of the attack is to overwhelm the DNS resolver server, so it simply cannot continue to function, or at least prevent legitimate requests from being answered. To protect against denial of service attacks Secure64 has implemented client IP-based rate limiting, which will identify the source(s) of the attack and discard any further traffic.

As the bad actors grew more sophisticated, DOS attacks became distributed, reflective, amplified and recursive. In a reflected flood, for example, thousands of bot machines send innocuous-looking requests to a DNS server, but with a counterfeited IP address of the target system. Since the size of a DNS response can be significantly larger than the request, the DNS servers would unwittingly reflect and amplify the attack against the target.  Our protections correspondingly grew in sophistication to meet and defeat these various threats.

So how can DNS be applied to stop fake postings to social media sites? Simply put, by leveraging the advanced and wide-ranging protections Secure64 has incorporated in DNS, we can use those same techniques to identify and defeat Bot Factories and platforms.

We can also use analytics to identify Bots and fake Tweets. In the simplest use case, if a single IP address is posting a high volume of posts to Twitter more than a typical Twitter user could possibly post, that IP address can be flagged and excluded from future posts.

But the bad guys are smart, so it is unlikely they will post all their malicious posts from a single IP address. That is where IP address penning comes into play. We can identify groups of IP addresses that originate from different hosts but terminate at the same domain. Once identified, this group of IP addresses too can be defeated.

What about the case where the “bad actor” hides their IP address via a VPN?  Again, using algorithms and applying some advanced techniques, we can still identify the offenders.

And while not related to DNS, Twitter must track the size and duration of Twitter sessions. Using that data they should be able to distinguish automated posters from natural users. Or when they get 17,000 identical posts all with the exact same byte count, they can assume that these are duplicate posts.
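The two simple analytics described above (one IP address posting more than a typical user could, and many identical posts with the same byte count) can be sketched as follows. This is an added example, not Secure64's or Twitter's code; the event format, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
import hashlib

def build_sample():
    """Constructed events (unix_time, source_ip, post_body); not real data."""
    events = []
    # One address posting every 2 seconds for a minute.
    for i in range(30):
        events.append((1000 + 2 * i, "198.51.100.7", f"unique post {i}"))
    # Six different addresses each posting the same text once.
    for i in range(6):
        events.append((1005 + i, f"203.0.113.{10 + i}",
                       "Vote now at example.invalid!"))
    # Two ordinary users who happen to post the same short text.
    events.append((1010, "192.0.2.1", "lunch was great"))
    events.append((1050, "192.0.2.2", "lunch was great"))
    return sorted(events)

def flag_high_volume(events, max_posts=10, window=60):
    """Return IPs with more than max_posts in any window-second span.

    max_posts and window are assumed thresholds, to be tuned per platform.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = set()
    for ts, ip, _body in events:
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:    # drop timestamps that aged out
            q.popleft()
        if len(q) > max_posts:
            flagged.add(ip)
    return flagged

def flag_duplicates(events, min_sources=5):
    """Group posts by (byte count, SHA-256 of body).

    Returns the groups seen from at least min_sources distinct IPs, so a
    coincidental repeat between two users is not reported.
    """
    groups = defaultdict(set)
    for _ts, ip, body in events:
        raw = body.encode("utf-8")
        groups[(len(raw), hashlib.sha256(raw).hexdigest())].add(ip)
    return {k: ips for k, ips in groups.items() if len(ips) >= min_sources}

if __name__ == "__main__":
    sample = build_sample()
    print("high volume:", flag_high_volume(sample))
    print("duplicate groups:", flag_duplicates(sample))
```

Byte count alone would also match unrelated posts of equal length, which is why the grouping key pairs it with a content hash.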

Not to give away any secrets, DNS can also identify suspected bot and malware users. Once identified, any post originating from them can be sent to a staging area or special landing page on Facebook, Instagram and Twitter for further inspection.

The bottom line: if the social media companies wish to dramatically eliminate the problem of fake postings, they can. And it is in their best interests to do so – if users can’t trust the posts on their sites, they run the real risk of losing a large number of their users, who, after all, are their greatest asset.

It no doubt will take added resources and talent with skills like those of the cryptographers and cyber coders we have at Secure64 to defeat these threats, but the task is eminently achievable.

Remember, no one, and I mean no one, comes into our house and pushes us around!

Secure64 and C-COR

For immediate release

Secure64 and C-COR partner to bring secure DNS to Asia-Pacific

Greenwood Village, CO & Melbourne, Australia – February 20, 2018 – Secure64, the leading provider of Genuinely Secure DNS servers, and C-COR, the leading supplier of products and services to all major Australian Telcos and MSOs, today announced a partnership to provide secure DNS and DNS-based security solutions to service providers, government and enterprise in Asia-Pacific.

“There is a great deal of opportunity in Asia Pacific for both secure DNS and DNS-based network security,” says Thad Dupper, President & CEO, Secure64.   “Partnering with C-COR allows us to bring our solutions to this highly strategic region of the world with a top tier partner. Their long tenure in the broadband community and the quality of their support arm will enable us to provide best-in-class 24×7 and in-country support.”

“Security is top of mind in our market today,” says John Goddard, Managing Director and Chair of C-COR. “We looked at various providers and were most impressed by the Secure64 line – it was purpose-built to be secure and then expanded into using the DNS as a security tool. Secure64 complements our best-of-breed builds and is a natural fit with our existing and future customers.”

Secure64 and C-COR are actively working projects in multiple countries.

About C-COR

C-COR Broadband (C-COR) is an Australian firm delivering ultra-broadband infrastructure solutions to Asia Pacific region communications carriers, mobile operators, MVNO and cable operators. Now in our second decade, we continue to evolve our solutions portfolio and skills to remain at the leading edge in times of great technological change. Our specialists enable C-COR to deliver independent advice and provide exceptional value to ensure your infrastructure requirements deliver great outcomes. Our ultra-broadband solutions address the requirements for secure DNS, wireless edge, PON, next generation cable architecture, video headend and associated test equipment. We work with our customers and their partners to design, engineer and commission high performance infrastructure that allows our customers to gain a sustainable market advantage.

About Secure64 Software Corporation

Secure64 brings trust to the internet through its suite of purpose-built, secure, DNS-based network security products. The company was built on a foundation of security and has forged solutions that are self-protecting and immune to malware.  Secure64 secures the DNS infrastructures of leading service providers, government agencies and enterprises globally.

Secure64 is a privately held company founded by technology and financial veterans and boasts deep technical and global experience in its leadership and staff.  It is the only DNS solution provider that has authored a secure micro OS, automated the deployment of DNSSEC and built self-protecting DNS servers. For more information, visit www.secure64.com

Theresa DeGroote
Secure64 Software Corporation
303-242-5900
Theresa.DeGroote@secure64.com
www.secure64.com