Amit Yossi Siva Levi is the co-founder and CTO of Immue, a bot detection company recently acquired by Forter. He has worked in cybersecurity since he was a teenager, is an expert in bot detection, and has been the CTO of multiple startups. He also spends way too much time on the darknet.
In this interview, we draw out some of Amit’s unique experience in the bot and cybercriminal space, how spending time on the “darknet” piqued his interest in the world of bots, and where he thinks the bot world is headed next.
How did you get into the world of bots in the first place?
It’s been quite a journey! I started coding at 12 — I was one of those kids who got hooked from the first time they realized what you could do with a computer. It was at a time when all kinds of things were opening up, technologically and online and in software terms, and I fell into playing around with cyber capabilities when I was about 14. It was like a game at first, seeing what you could do and how far you could get. I found it completely absorbing and ended up in a national cybersecurity program when I was 15.
That was an eye-opening experience. It gave structure and context to things I’d been only sort of feeling out for myself before that. At 16, I started exploring the darknet — for research purposes, I promise! — and learning how things worked there. I was impressed, right from the start, by how expansive, connected, and organized it all was, a trend that has only increased since then.
That early experience has been tremendously valuable for me. Learning how cybercriminals think, work, and interact online isn’t something I learned as an intellectual exercise; it’s something that I absorbed naturally, in the way that you do when you’re encountering a new situation or culture as a teenager. And I’ve never stopped spending time on the darknet.
Bots grabbed my attention early on. Over the years, I’ve focused on all kinds of research and cyber intelligence as CTO in multiple startups, but I always come back to bots. There’s just so much creative energy and thought that goes into building them, and the good bot creators — I mean the ones that are good at it, not good people! — are highly intelligent, detail-oriented problem solvers.
Plus, especially in the last few years, there’s been a real focus and expansion on the bots side, with more types and greater sophistication, and more bot creators working on different challenges. Of course, we feel the pain of that on the detection side, but that’s how the arms race works.
Bots have evolved fast and furious — can you explain how you see this evolution from an “inside” perspective?
It’s true: the evolution is moving quickly. Part of that, as I say, is that it’s a hot area in the cybercriminal community. And part of it is just that it makes sense, from the criminal perspective, for two reasons: impact and ROI.
Impact: A bot dramatically expands the scale and speed at which someone can work. It automates pesky parts of an attack, greatly increasing efficiency and meaning more thought can go into continual improvements and new tricks (which are often, in time, incorporated into future bots).
ROI: A bot maker can use the bot themselves in attacks that steal data or items. Or they can sell bots they have created to other criminals, creating steady income. They can also rent out the use of their bot on a subscription or per-use basis. In one way and another, it’s a great income generator.
Due to both of these factors, it’s worth criminals’ while to make better and more effective bots. It used to be that DDoS attacks were popular, and now you see that kind of “scale attack mindset” being expressed through bots instead.
You can use a bot for practically anything. Steal items, scrape details, create accounts, attempt logins with username/email and passwords — you name it, they can build it. And they, or someone else, can use it at scale.
Bots are fascinating in their own right, but what do you see as the most threatening practical implications?
I think what’s most alarming right now is how sophisticated they’re becoming. There’s a big community around bots now, and it has matured. There’s a lot of experience and knowledge there, as well as creativity and drive. And it’s a helpful community, by and large — they share advice, suggest fixes, and share code snippets.
The code kiddies I met back when I was a teenager myself are all grown up now, and some of them are still in this line of work. The more ROI bot makers get, the more gets invested back into the community and bot creation. It’s sort of like a successful startup field in that way.
Of course, the anti-bot companies and solutions are evolving as well and getting smarter, so the arms race continues — but for a lot of the bot creators, the good ones, that’s a feature rather than a bug. They find the race exhilarating. I admit, I do too.
In what direction do you see bots evolving in the near future?
I think the main direction I see coming is the move toward multi-purpose bots.
It used to be that a bot creator would write a program for something specific. The bot would be for ATO — and often, for one part of the ATO attack. Or it might be for fake reviews or whatever. But it only did one job.
Now, I’m seeing a trend towards making bots that you can use for lots of things, which is great for user experience on the criminal side. I think that trend is going to continue and become the new norm, at least for a while.
Of course, the more this happens, the more likely it is to draw attention from the bot detection and defense side. It’s never boring in this industry.
What one thing do fraud fighters need to know about bots?
That bots aren’t just about bots. Whatever fraud your company is struggling with, it probably starts with bots or has bots in the mix somewhere. If you miss the bot part of the picture, or if you silo your bot detection separately from the rest of your fraud-fighting work, you’re going to miss out on what’s really going on.
It’s easiest to see this with ATO; you might be worrying about the transactions that go through because of ATO. But the attack started days or weeks earlier, with a credential stuffing bot attack — which looked like it had no real consequence at the time. But it wasn’t really that the fraudsters did nothing; it was that they were preparing for the later attack.
The same pattern happens with other kinds of fraud as well. You need to understand, identify and include bots as part of your fraud-fighting strategy. That’s why we were so excited about Immue being acquired by Forter; it’s the ideal combination for maximum impact on the defensive side.
A word of optimism to end on?
I’m surprisingly optimistic for someone who spends so much time hanging out on the darknet. Yes, the challenge bots represent is growing. But the attitude of the fraud-fighting and cybersecurity community is evolving quickly, and we’re increasing in not only technological sophistication but awareness of bots and what they can do and why it matters.
The fraud prevention and cybersecurity industries have incredible people in them. The more clearly they see the problem bots represent — and they are starting to see this very clearly — the more confident I am that the solutions we find will be powerful, cutting edge, and effective. I’m proud to be a part of that.