C&ESAR 2020, Computer & Electronics Security Applications Rendez-vous, Deceptive security Conference, part of European Cyber Week, 14-15 December, Rennes, France
Airline websites are the victims of unauthorized online travel agencies and aggregators that use armies of bots to scrape prices and flight information. These so-called Advanced Persistent Bots (APBs) are highly sophisticated. They are provided by specialized companies that offer them as bots as a service" and they leverage professional proxy-
ing companies (mis)using millions of residential IP addresses. On top of the valuable information taken away, these huge quantities of requests consume a very substantial amount of resources on the airline websites. In this work, we present a platform capable of mimicking these sites, at a much lower cost, and we provide early results on an experiment in which we have lured for almost 2 months several bots and have fed them
indistinguishable inaccurate information.