Steecky Thoughts #5: ransomware bots – the scary future of Steemit [5min]

in #steemit, 8 years ago (edited)

A blog by @ooak
It's a place for me to give birth to my thoughts. Meta thoughts about "Steemit", external thoughts about life and experiences. My aim is to bring value to people, entertain the audience and craft my writing skills all at the same time. I will write short to medium size blogs because I believe that today more than ever time is money and attention is hard to get.


One of the most talked-about issues on Steemit is bots. Steemit, as a young platform, has seen an increase in bot usage. There are bots for up-voting, bots for finding plagiarized content and bots for auto-replying. The reason for the surge of bots is the economic incentives that Steemit presents. The more active you are on Steemit, the more value you can receive via SBD or SP, so people try to game the reward system.

The battle over "do bots have a place here" or "which bots are good and which are evil" will be fought in other posts. I want to present to you what I think can be a dangerous future for bot usage on the Steemit platform. It's about ransomware bots.


First, for those of you who aren't familiar with the concept of ransomware, you can go to this long and informative post: https://steemit.com/security/@steempower/ransomware-forcing-bitcoin-adoption-via-file-encryption-since-2013

I'm going to quote a passage that summarizes the term well:

Ransomware; traditionally attacking corporations seeking to encrypt data and holds the decryption keys for ransom; generally requesting payment in varying amounts of bitcoin for decryption keys that can be used to unlock your files and return them to their normal un-encrypted state.

So that's the basics of it. In the last couple of years ransomware has become a real plague on the internet and is jokingly considered Bitcoin's "killer app". The reason is that the ransom is requested in bitcoins as a fairly untraceable currency.


Let's talk about down votes and censorship. In the last few weeks Steemit has seen an increasing number of down vote bots. Some of them are down voting plagiarized or spam content and some are down voting just for fun. Once your post is down voted you lose your blogging and curation rewards, and if your comment is down voted it becomes nearly invisible, like that:


It is obvious that if someone is consistently down voted by bots or the spam police then it will harm their Steemit experience. I want you to picture a future where bots are taking Steemit users hostage like ransomware. The bot or army of bots targets users with a low or moderate amount of SP: users they can "beat" in the voting game, users who have enough funds in their account that they wouldn't be happy to lose them by abandoning it to open a new one. The bot auto-down votes a certain user, then spams the user with a message such as "You had been targeted by a ransombot – pay me 1000 STEEM to release your account".

This attack vector on users can't be that far from reality; as time goes by we could see it happening. It can be done easily and automatically, and can target a massive number of users for good results. In Hebrew there is a term called "Success method"; I don't know if there is an equivalent term in English. The "Success method" is simple: you try to steal from or con a large number of people and you will get results from a few of them, thus you always succeed.

How economically feasible is this method of attack? Well, the attacker would need high SP to execute the attack sufficiently. Attacking minnows with an account worth $10 will not yield great results because they don't have enough value invested in Steemit. Attacking users with 1000 SP will yield better results. The attacker would need to invest more than $3000 (according to the current STEEM price of around $3) to gain an advantage over his victim. He would need to invest far more to thwart multiple up votes by other users.

Here is an example that I had seen today:


It shows one user taking another user "hostage", even though his down votes were retaliation for getting down voted himself. We can see how effective it can be; people will be afraid that their user experience on Steemit will be harmed.

I know it's demoralizing to know that Steemit can be exploited in many different ways. It's in our best interest to keep fighting for it to be an open and safe environment for all, even if it means we have to self-police it and fight against evil bots and users.
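One way the self-policing mentioned above could spot the two patterns this post describes, a single account repeatedly down voting one user and a band of accounts piling onto one user, is sketched below. This is an added example, not code from the post or from Steemit; the vote records are constructed, and the record layout, function names and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample vote records, not real chain data. The tuple layout
# (voter, author, permlink, weight) is an assumption; weight < 0 is a down vote.
VOTES = [
    ("ransombot", "alice", "post-1", -10000),
    ("ransombot", "alice", "post-2", -10000),
    ("ransombot", "alice", "post-3", -10000),
    ("ransombot", "alice", "comment-1", -10000),
    ("bob", "alice", "post-1", 5000),
    ("spamcop", "carol", "post-9", -10000),   # spreads down votes over many authors
    ("spamcop", "dave", "post-4", -10000),
    ("spamcop", "erin", "post-7", -10000),
]
# A band of accounts that each down vote the same author only once.
VOTES += [(f"bot{i:02d}", "frank", "post-1", -10000) for i in range(5)]


def targeted_downvoters(votes, min_items=3, min_share=0.75):
    """Flag (voter, author) pairs where one account keeps down voting one author.

    A pair is flagged when the voter down voted at least `min_items` distinct
    posts/comments by the author and those make up at least `min_share` of all
    items the voter down voted. Both thresholds are illustrative.
    """
    per_pair = defaultdict(set)    # (voter, author) -> permlinks down voted
    per_voter = defaultdict(set)   # voter -> (author, permlink) down voted
    for voter, author, permlink, weight in votes:
        if weight < 0:
            per_pair[(voter, author)].add(permlink)
            per_voter[voter].add((author, permlink))
    return {
        pair: len(items)
        for pair, items in per_pair.items()
        if len(items) >= min_items
        and len(items) / len(per_voter[pair[0]]) >= min_share
    }


def downvote_swarms(votes, min_voters=4):
    """Flag authors down voted by at least `min_voters` distinct accounts."""
    voters = defaultdict(set)      # author -> accounts that down voted them
    for voter, author, _permlink, weight in votes:
        if weight < 0:
            voters[author].add(voter)
    return {a: len(v) for a, v in voters.items() if len(v) >= min_voters}


if __name__ == "__main__":
    print(targeted_downvoters(VOTES))
    print(downvote_swarms(VOTES))
```

The share test is what separates the constructed "spamcop" account, which down votes many different authors once, from an account that concentrates on one victim; the swarm check covers the case the first rule misses.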


Shower thought: Steemit as a gambling/betting platform? Can be done?

@ooak signing out…


#steemit #steem #blog #writing #money


Been stewing on your idea for a bit. What you have described is feasible, no doubt. However, in this line of thought, wouldn't there always be a bigger whale? Meaning, someone higher in SP that could always flag the ransomware as malicious?

So the attacker just gets more SP to make their attack more feasible. But at some point, wouldn't the attacker acquire enough where it was more profitable to just hold the SP and gain interest?

Spread across multiple accounts? At what success rate? Say, 10%. Then 90% of the SP that could have been invested is just sitting there, could have been invested in one account to gain more.

This attack seems economically unlikely for me, I'd be curious to hear what others think.

Thanks for taking the time to ponder it.
I think you're right that maybe it's not viable with an army of bots or at an X amount of SP.
But maybe with one bot. There should be a sweet spot to this attack where it's viable.
The sweet spot needs to consider your own SP, the victim's SP, the amount you demand.
All theoretical of course, but who knows.
This kind of attack can be thwarted by an "upvote police" where whales or dolphins or whatever band together.
I do think it needs more thought by those who know best, the devs, to make sure it's economically not viable or if there is a way to stop it.

Steemit has many issues it needs to fix. It will probably stay in beta for some time.

Agreed, it's constant work. But open beta is the best thing because with high usage more bugs are found, or ways to manipulate it.

Not only that, it also needs to implement a whole lot of new features.

Yeah, was told they are working around the clock and wish to add a few more devs.

Are we looking at a future dev? ;)

Very well done article and saves me a lot of research, I appreciate it.

@cryptocameo, I'm far away from being a dev. Just sometimes I come up with crazy shit like "ransomware bots".

The quick fix is to not blank posts with low-weight downvotes. Down the line a more nuanced solution on Steemit might be required.

Do you know how the "post blanking" is calculated right now?
Like [upvote SP + downvote SP] < 0 maybe?

We already saw this happen to one of the #minnowsunite members, @desmonid. It's been rectified, and there was no real "ransom", but retaliation was set by a band of ~40 downvoting bots.

Money money money! Good post.