Battling Bots: How to Find Fake Twitter Followers

  /     /     /  
Publicated : 23/11/2024   Category : security


Battling Bots: How to Find Fake Twitter Followers


Duo researchers explain the approach they used to detect automated Twitter profiles and uncover a botnet.



The discovery of a massive botnet can start with finding a few fake Twitter followers, report Duo researchers investigating the process of identifying and analyzing automated accounts.
Earlier this summer, Duos Olabode Anise, data scientist, and Jordan Wright, principal research and development engineer, wrapped up a project
investigating
how they could detect Twitter bot characteristics. The goal was to create a means of differentiating automated and legitimate accounts, and they built a classifier tool to distinguish bots based on a pre-defined set of traits.
Their research dug into one of the largest random datasets of public Twitter accounts to date, they report. As part of their project, Wright and Anise identified three specific types of bots serving different purposes. Content-generating bots actively create new content (spam, malicious link), amplification bots like and retweet content to boost a tweets popularity, and fake followers are a type of amplification bot intended to inflate users popularity.
The two today published a new report digging into the latter. Their analysis covers how fake followers operate, how they discovered an initial list of fake followers, and how they leveraged that list to unearth a botnet made up of at least 12,000 Twitter accounts.
We understand the fake followers are just as important to the social ecosystem, says Anise. They artificially inflate the ratio of followers to followees.
On one hand, fake followers can be used to harass, or compromise the credibility of, legitimate accounts. On the other, they can boost the popularity of fake accounts, making them appear more credible than they are. The researchers gave a talk at Black Hat USA discussing how a botnet spoofed legitimate accounts to evade detection and spread a cryptocurrency scam.
Spot the Bots
Its tough to tell when a follower is fake, and researchers explain more information is better when analyzing accounts. In general, fake followers are hard to detect on an individual level because they dont show much activity – aside from, of course, following other accounts.
But a lack of activity doesnt mean an account is malicious. Some people create Twitter accounts simply to follow other users and stay current on the news, Anise explains.
So instead of hunting fake followers on an individual basis, the researchers decided to consider their full social networks. Fake followers are typically purchased and used as groups; as a result, they tend to share characteristics because they are developed by the same operator.
But which traits set fake followers apart from real ones? After Anise and Wright wrapped their initial pool of research, the botnet they were watching began to use fake followers to trick people into thinking spoofed Twitter accounts were real. They took a closer look at the followers of a fake Elon Musk Twitter profile and explored their similarities.
One thing that we saw was, [they were] pretty easy to identify, says Anise of the fake followers. These bots werent really trying to hide … if you notice patterns or have a similar account, you can use it to pivot and find other bot accounts.
Timing is one key factor. If a large group of accounts suddenly follows the same profile, for example, theres a higher likelihood theyre fraudulent.
Accounts following the fake Elon Musk profile had a proverb or fortune in their profile description – a quick and easy means of bypassing spam detection. Profile completion is an easy way to determine the quality of a bot; if an account has a profile, it appears to be real. However, creating unique profiles is harder than generating random usernames.
With this in mind, the
researchers could separate
these bots from legitimate followers. Because they were studying the fake accounts as a group, they could observe whether similar accounts had similar behaviors. Once they found a small group of fake followers, they could branch outside that network and look for other fake accounts with similar traits.
How to Crawl for Followers
Anise and Wright uncovered the botnet with a one-degree crawl of a single fake follower. They found a fake account and looked at their social network, as well as the social network for each account the fake follower was following. They then applied a script to search the social network for a specific account. The result is a web of fake and legitimate profiles, connecting which fake accounts are following legitimate ones.
While its a good start, not every bot in a botnet will follow the same people, meaning the researchers may not have caught entire groups of fake followers. To find new ones, Anise explains, they can use a bot found during their initial crawl and search its network for new fake followers. After doing this, they uncovered an additional 1,200 bots.
The two point out that large groups of fake followers have patterns that are easier to recognize; smaller groups, in contrast, may be more subtle. To find smaller groups of fake accounts, the researchers first determined when multiple accounts were created on the same day and consecutively followed a target account.
Related Content:
Russian Research Institute Was Actively Involved In TRITON ICS Attack Activity
12 Free, Ready-to-Use Security Tools
US Tops Global Malware C2 Distribution
Facebook Rumored to Be Hunting for Major Cybersecurity Acquisition
 
Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the
conference
 and
to register.

Last News

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Battling Bots: How to Find Fake Twitter Followers