On the hunt for Twitter bots

How security researchers were able to track down cryptocurrency bots on Twitter.

If you look at the news lately, it seems that everyone is up in arms about Twitter bots. From political disinformation to trolls with fake news or simply just fake accounts claiming to give you cryptocurrency, we can all agree that these bots suck. There, I said it.

The question still remains, though: How many bots are there on Twitter? Twitter has been culling fake accounts, but I still see them daily, popping up and ruining many of my Twitter searches. Anyone else share my frustration?

At Black Hat USA 2018, a pair of researchers from Duo Security presented some research on tracking down Twitter bots, and also showcased how they were able to scan the bot networks and uncover the web of connectivity for these networks.

The research from Jordan Wright and Olabode Anise, entitled Don’t @ Me, starts by looking at the problem I previously addressed, the increased activity of bots.

In their research, the duo looked at ways to build out the data set using the Twitter API protocol and building data science models that would help predict bot-like activity. If you have some time and are interested in the topic, I would suggest downloading the report.

Essentially, their models searched for accounts that fell into three main categories:

  • Spambots — accounts sharing spam links
  • Fake followers — accounts with no tweets but following a large number of accounts
  • Amplification bots — accounts that simply retweet, like, or reply to tweets from other bot accounts

To help home in on a target, they enriched the data to look for bots involved in “free cryptocurrency” schemes — where accounts impersonate verified Twitter accounts and say that they would give you free cryptocurrency, but really rob you. We discussed this on a past podcast when an Elon Musk counterfeit promised free Ethereum in replies to real tweets from the real Tesla CEO. The account looked real unless you checked the user ID carefully.

Over the course of their research, the team tested out the algorithm and saw that they could predict the cryptobots with high accuracy (sometimes north of 80%), but were less accurate when the bots were non-crypto-related.

When they looked at the social graph of the identified bots, they uncovered an ecosystem of the three bot types working together to amplify the scheme, as you can see in the image below.

Source: <a target="_blank" href="https://duo.com/assets/pdf/Duo-Labs-Dont-At-Me-Twitter-Bots.pdf">Duo Security</a>

Source: Duo Security

Looking at the image, you can see how advanced some of these schemes can be. It also highlights the issues with bots overall and how they can trick people into clicking on sketchy links by displaying a large number of likes and retweets, which are supposed to indicate that people have had a positive experience with what those accounts offer.

The researchers also realized that there is still a lot of work to be done in hunting out the bots infesting the Twitter-sphere. So to give back to the community and to look at expanding future research, they have uploaded their methodology to GitHub for the community to continue the good fight.

It will be interesting to see what comes of this — and how the community will be able to help beat the bots.