Star Wars Fever: Sith Bots Strike Back


I saw Star Wars: The Last Jedi last night, and yes, I know it’s geektastic to go see a film on its premiere date. But I’m here to tell you—it’s brilliant!

Interesting events are transpiring in the galaxy far, far away, in a way that pays homage to the past—while clearing a path for the future. It has so many plot twists and “I didn’t see that coming” aspects that Yoda himself, the future he could not see.

It seems that no one is immune to Star Wars fever—not even cyber-criminals. No, this isn’t yet another story about timely spam lures (“pre-order your free Last Jedi Blu-ray now!”). Rather, it’s the fact that Sith spambots have become very strong in the dark side indeed.

Imperva Incapsula researchers witnessed this disturbance in the Force firsthand while mitigating a wave of send-to-a-friend spam attacks. Several customers were bombarded with suspicious WinHTTP POST requests from yet-unidentified bots. During the first week of the assault, 33 unrelated domains on the Imperva network were hit by over 275,000 attack requests. A week later, the number of targets had increased to 60, and the volume of the attack had almost tripled—reaching a total of over a million requests. That’s clearly a considerable number of targets being hit at a very high rate.

The similarities between the attacks showed them all to be part of a larger coordinated assault—but what’s really interesting is that the bots were adding to the comments section of the send-to-a-friend emails. And what were they writing about? It’s all snippets of text taken from Star Wars novels, like so:

[Spam link] “There's no reason for us to move so soon," Des replied, struggling to remain calm. "If they start at dusk, it's going to take at least three hours. &referrer=[website targeted by form-filler bots].

Granted, the passages were chopped up into incomprehensible chunks and used for the purpose of peddling mobile slots, but it’s clear someone on the bot-herding team is QUITE the fan.

“Most likely… the spammers were trying to add some uniqueness to their emails, and further hinder detection by filtering mechanisms scanning for content patterns,” Imperva Incapsula said, in an analysis. “In the process of doing so, the culprits probably also decided to pay homage to one of their passions. One way or another, much like the rest of us, these scruffy-looking nerf herders have Star Wars on their mind.”

And who can blame them?
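
For defenders, the filler text described in the analysis above means exact-content matching sees every message as new, while the parts of the request that stay the same (a scripted WinHTTP POST carrying the same link) still cluster. The sketch below is an added illustration, not code from Imperva Incapsula's analysis; the form path, field names, IP addresses, `spam.example` link and threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample requests (not from the Imperva data). The path, field
# names, IPs and spam.example link are assumptions for illustration.
WINHTTP_UA = "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"
BROWSER_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/57.0"
REQUESTS = [
    {"ip": "198.51.100.7", "method": "POST", "path": "/send-to-friend", "ua": WINHTTP_UA,
     "comment": 'http://spam.example/slots "There\'s no reason for us to move so soon,"'},
    {"ip": "198.51.100.9", "method": "POST", "path": "/send-to-friend", "ua": WINHTTP_UA,
     "comment": "http://spam.example/slots Des replied, struggling to remain calm."},
    {"ip": "203.0.113.4", "method": "POST", "path": "/send-to-friend", "ua": WINHTTP_UA,
     "comment": "http://spam.example/slots it's going to take at least three hours."},
    {"ip": "192.0.2.20", "method": "POST", "path": "/send-to-friend", "ua": BROWSER_UA,
     "comment": "Thought you might like this article!"},
]

URL_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)

def distinct_comments(requests):
    """Exact-match content filtering sees every padded message as new."""
    return len({r["comment"] for r in requests})

def link_hosts(comment):
    """Hosts of any links in the comment field, lowercased."""
    return {h.lower() for h in URL_RE.findall(comment)}

def suspect_clusters(requests, min_hits=3):
    """Group scripted form POSTs by linked host, ignoring the filler text."""
    clusters = defaultdict(list)
    for r in requests:
        if r["method"] != "POST" or "winhttp" not in r["ua"].lower():
            continue  # only WinHTTP form submissions are of interest here
        for host in link_hosts(r["comment"]):
            clusters[host].append(r["ip"])
    return {h: ips for h, ips in clusters.items() if len(ips) >= min_hits}

if __name__ == "__main__":
    print("distinct comment bodies:", distinct_comments(REQUESTS))
    print("clusters:", suspect_clusters(REQUESTS))
```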

We found out in The Last Jedi that the Force is what binds us and connects us to each other and everything to everything (kind of like the internet, come to think of it). It’s about duality and a stalemate between good and evil, rather than one triumphing over another. This could be a good metaphor for our cyber-times, as the constant push-pull battle between white hats and black hats seemingly rolls on in perpetuity. If the attacker behind the Sith bots is a bratty Vader wannabe, then the Incapsula Imperva team are Han, Leia and Luke, riding again, and maintaining balance in the Force.
