With Christmas fast approaching and the increase in online shopping, our Cyber Expert Nick Desforges-Poths discusses why bots are winning the race for buying in-demand items.

“If you haven’t noticed, buying a next-generation games console is quite tricky at the moment, with over 4000 having been listed on a well-known auction site selling for at least twice the market price (my daughter and I spent a few minutes in wonder watching as the bids jumped).

How has this happened?

It appears that scalpers have fully digitised and are making use of automated buying Bots. This isn’t a new phenomenon; Bots have been used frequently over the previous years, targeting releases of new technology and (surprisingly) trainers. What is new this time round is the organisation and scale of the operation, with scalpers joining syndicates (at a cost) and, akin to crowdfunding, creating vast Bot Farms to snap up the goods.

The NVIDIA RTX 3080 GPU was hit hard when released earlier this year, and appears to be the first on this scale (they were hit again when they released the 3090 a few weeks later). The most prolific is the next-generation console, with stores selling out within 5 seconds of going live.

Who is impacted?

Obviously the consumer is impacted, but what about the manufacturer and seller? Chatter on the web is definitely pointing the finger of blame primarily at the seller; whether this would have any long-lasting reputational impact is unlikely, but it is highlighting the fact that the buyer is not their main priority. What is interesting is the knock-on impacts on the seller, with every website which sells these consoles within the UK suffering downtime on release day. This includes the biggest cloud hosting company, which means the amount of revenue from other customers must have been seen. Not to mention the efforts of first, second and third line support teams in customer queries and IT support. All of this would come at a cost.

What is the solution?

There are a myriad of technical solutions on the market that offer Bot protection, not just against retail Bots, and any e-commerce company should definitely consider adding one to their arsenal of security capabilities. CAPTCHA tests would potentially stem the flow of the Bots; however, with the advances in machine learning these may not be adequate. One example is that many people believe that the Turing Test was passed by a chatbot in 2014. It may be that future CAPTCHA tests will be designed along the principle of Turing Test via failure, basically proving we’re human by being dumber than a bot.

Whatever solutions are currently out there, what is guaranteed is that not one individual solution will stop the Bots (nothing in Cyber or Digital is 100% proof), and whilst there is a market and people willing to pay, there will be people using any means possible to make a profit.”


About the author

Nick Desforges-Poths is a Lead Consultant at SA Group with over 15 years’ Cyber Security experience in both the public and private sector. He is a Certified Information Security Manager, a qualified Scrum Master and holds certifications in Risk and Information Systems Controls, TOGAF, Management of Risk, along with being a Lead Implementer in ISO/IEC 27001.