Co-authored by Nick Rieniets, Kasada Field CTO
The long-term efficacy of a bot mitigation solution depends on the integrity of the data being collected. But what happens when the client (bot) manipulates the data?
A successful bot operation must master the art of blending into the crowd. Each session that the bot sends must simultaneously look different from the other sessions whilst appearing identical to human requests. Mastering the art of dynamic deception allows the bot operator to avoid being classified as a bot.
Digital Fingerprint Harvesting
Bot operators work in communities that share ideas. Some of these communities sell toolkits or even whole-stolen digital fingerprints. Digital fingerprints are copies of real user sessions and browser data, and they can be loaded into bot frameworks to almost exactly imitate a real user who is using a browser. This allows them to fool the data collection and classification process of bot mitigation vendors.
These datasets are obtained in a few different ways, but the primary method uses browser or device malware. An unsuspecting user would download and run a malicious file that would infect the users’ machine. When the user opens targeted sites, the insidious code would then begin silently collecting real cookies and other browser information, such as mouse clicks, before sending it home to a command server. Fraudsters then resell this data, usually on the dark web.
The predominantly Russian-based anti-detect browsers, such as MultiLogin and LikenSphere, allow users to import harvested fingerprints. These tools allow for “full stack request rotation” – meaning that each session can be sent with a different set of request headers with a matching digital fingerprint.
Digital fingerprint harvesting, as an adversarial technique, was developed to combat the early-stage bot mitigation solutions. This technique is highly effective against a bot mitigation solution that identifies bots based on fingerprint commonality. In the continuous game of cat vs. mouse, these techniques ultimately lead to the evolution of the next generation of vendors, such as Kasada.

