In an effort to stop hackers from circumventing security controls used by e-commerce sites, US lawmakers have proposed a new legislation, the “Stopping Grinch Bots Act of 2018.”
According to the Washington Post, “A group of Democratic lawmakers is trying to make it illegal for people to use automated accounts to inflate the prices of consumer products online.”
Sen. Tom Udall (NM), a co-sponsor of the bill, wrote in an email to the Washington Post, “These Grinch bots let scammers sneak down the proverbial chimneys of online retailers and scoop up the hottest products before regular Americans can even log on – and then turn around and sell them at outrageously inflated prices.”
With the exception of those actors who are conducting necessary research in the development of computer security or the field of computer system security, the act would make it illegal for anyone to circumvent a security measure, access control systems or other technological efforts made by internet retailers to protect their sites and their inventory.
Those who violate the law will be subject to the same penalties provided in the Federal Trade Commission Act, which, according to Yoav Cohen, SVP of product development at Imperva, is a step forward from "The Better Online Ticket Sales Act of 2016."
Because the 2016 act applied only to ticket sales, trying to limit the threat proved to be difficult for law enforcement to effectively prosecute offenders. “Ultimately the act did not do much to hinder attackers using malicious bots,” Cohen said. “The Stopping Grinch Bots Act of 2018 is not only giving retailers a weapon to combat malicious bots but protecting consumers from paying ridiculous markups – money that funds cyber-criminal activity.
“Consumers are spending more money year around, not just on Black Friday, on limited edition or high-demand products like the season's hottest toys or the latest shoe release. This demand and the payout is exactly the motivation malicious attackers need to exploit retailers and consumers.
“Application bots are the easiest method for attackers to get their hands on these goods. Because of their ability to rapidly repeat a specific task, bots are used to do things at a scale that humans can’t or simply don’t want to do. In fact, the latest research says bots make up more than half of all internet activity, and more specifically, bad bots make up almost 30 percent of all internet traffic.”