
Massive networks of fake accounts found on Twitter - randomname2
http://www.bbc.com/news/technology-38724082
======
jashkenas
I would imagine that it's possible that some of the people reading these
comments might already know a lot more detail about Twitter/Facebook bots than
this story goes into.

Although you fine folks might remember me from a few other projects, I'm
currently a Graphics Editor at The New York Times. We're actively curious and
interested in pursuing lines of inquiry about this sort of behavior, and if
any HN'ers have any interesting leads or tips, I'd encourage you to get in
touch. You can reach me at my username @nytimes.com, or email me and I'll send
you my Signal number.

~~~
_pecl
I personally have thousands of Twitter accounts I control just for fun; I
mostly use them for pranks, though in aggregate there are a few million
followers between them (not sure how many duplicates there are, or,
ironically, how many of their followers are bots). You can even buy software
to create and manage Twitter accounts pretty easily in blackhat forums.

For mine, I scraped a bunch of Instagram pictures for photos, auto-generated a
bunch of bios using a few basic parameters, e.g. "Beer lover, proud parent."
Names were easy - the most popular first & last names from census records, mix
and match. Grab a few lat/longs and convert them to the biggest US cities and
you have a location, find some data source to tweet from (breaking news is
easiest) and you have a fully automated, human-like Twitter account. For bonus
points, Pick a random color toward the low ends of the hexadecimal range (
rand(a..c)++rand(0..f)++rand(a..c)++rand(0..f)++rand(a..c)++rand(0..f) works
fine) and you even look like your page is personalized down to the _color_.

Start following random people and 10% follow back (even more if you follow
people who are tweeting about similar keywords as you - kindred spirits I
guess).

The only tricky part is making sure you don't cross lines with your IPs. You
could buy/rent them privately, but you really only want to keep a few accounts
(3-5) to each IP, so that gets expensive ($.75/IP/month) when you don't have a
really good reason to use your accounts. You can scrape free listings for
them, but those are nasty, slow, and can cause bans if Twitter decides to take
down a whole range or if you are forced to switch IPs too quickly.

Device type, browser, etc. is easy to spoof.

Should you decide to, it's also really easy to change name, username, and
profile picture of an account in the future. So if I wanted a few thousand
Trump-supporting (or Trump-hating) sock puppets I could have them today.

If you don't want to buy/create/manage Twitter accounts yourself you can get
access to what's called a "panel." A panel is basically an automated, coin-
operated network of fake accounts that you can control at wholesale prices.
Want 5,000 followers? Plug $1/1,000 followers into the panel, supply the
username, and you'll have them in a couple of minutes. Or resell 5,000
followers for $25 and pocket the $20 difference. For example of a panel, see
this ad on blackhatworld: [https://www.blackhatworld.com/seo/the-biggest-smm-
panel-yout...](https://www.blackhatworld.com/seo/the-biggest-smm-panel-
youtube-facebook-instagram-twitter-and-more-90-services.835185/). Nothing
special about this one, just the first I found when I googled. They're a dime
a dozen.

I'm certain there are millions of fake accounts for every service imaginable.

~~~
chinathrow
You are one of the reasons why we don't have nice things. Read the ToS and
respect them, please.

Thank you.

~~~
tomc1985
Unbelievable -- "Hacker News" my ass

HN needs more of this type of comments, not less

~~~
frankmoodie
That's also not an argument

~~~
pessimizer
They don't have to be. They're equal and opposite assertions that cancel each
other out so the thread can proceed as it was.

------
nostrademons
No kidding.

I remember when I first moved to the Bay Area in 2009, I met a smart guy at a
startup meetup, a serial entrepreneur with a previous exit. I asked him what
he was working on, and he said "Oh, I've been writing a Twitter bot that will
follow people of your choosing, engage them in simple conversation, and
retweet their tweets. It's building a network of followers - I don't know yet
what I'd do with that, but it's an asset that's likely valuable to somebody."
I ran into him again a few weeks later, and he'd sold the company.

I think I'd heard from either him or someone here on Hacker News, around that
time, that 75% of Twitter traffic was bots and automated accounts. Note that
that was _early 2009_ , before Twitter went mainstream and when they still had
a really easy-to-use developer API.

~~~
econner
I'd believe it. For what it's worth, something like 80% - 90% of all email is
spam. It's usually better to leave it there and cordon it off so that real
users don't notice it. Spammers don't get feedback that their spam isn't being
shown to real users.

Also 350,000 accounts is hardly "massive" as the clickbait title suggests. No
way that can account for more than a small percentage of traffic.

~~~
austinjp
It's possible that the majority of spam is not meant to be seen by humans, but
is instead designed to train spam filters and keep them busy, so some payload
still penetrates the shield.

~~~
banku_brougham
I enjoy stories about this, they dont show up here often because its assumed
to be a solved problem. But the spam wars continue!

------
OliverJones
Huh.

The landline telephone business has, for a long time now, been compromised by
spammers and bots (telemarketing calls and robocalls). I canceled my land line
about four years ago after going for three months without receiving a single
call I wanted.

It seems the commercial social networks are headed for the same fate. And,
they're headed for hardnosed and unpleasant regulation by governments. They
probably need to clean up their acts.

~~~
ashark
My cell phone's the same way now. Maybe one in ten calls, at best, isn't
phone-spam. And that's _with_ being on the Do Not Call list. I've been trying
to figure out a way to do without an actual phone (except maybe a burner on
the off chance I need to call 911) as a result. Text is by far the more
valuable side of my phone plan, but mostly because everyone wants to use it
for auth these days (I could switch to another messaging service for actual
communication with people I know)

~~~
warcher
Protip: I moved my legacy phone number (the number you get for customer
service calls, that I hand out publicly, etc) over to google voice years ago.
It follows me from phone to phone as I move carriers, everybody can reach me,
and their "Press one to connect to the phone" feature throws off robodialers
very effectively.

The only downside is that google voice smells like the kind of service that
google doesn't regard as a needle mover and it's probably a question of when
it gets axed, not if.

~~~
xanderstrike
Google Voice has been rolled into Fi now (when you transfer your number into
Fi, it becomes a google voice number). I think Google Voice has a few more
years in it at the very least.

------
danso
This seems like a pretty straightforward thing to identify. I remember when
the NYT's story, "The Agency", was published [0], some of the fake accounts it
had mentioned were still up. Even though the accounts in that story were
actually populated by real people, the sockpuppetry was pretty easy to
identify. One: the accounts' past tweets right up until they started spreading
the news about the fake U.S. disaster were in Russian. Two, all of the tweets
of the fake news had almost exactly the same number of favorites and retweets
(around 300), and you could see that everyone in that cluster was just
retweeting each other.

I'm more fascinated by the spam by Facebook accounts. These show up _all the
time_ in relatively popular comment sections, and yet apparently FB doesn't
care, or the problem is trickier to automatically flag. For example, this
comment [1] is clearly spam...but if you click through to the account, it
seems to be a real person [1], with a normal-seemingly friend network, mundane
photos of life that aren't obviously stock photography. There are a few junk
comments (a bunch of "hi's", but as an outsider, this is what makes FB a lot
trickier to analyze, because you don't know how much privacy that user has
enabled on their own account.

[0] [https://www.nytimes.com/2015/06/07/magazine/the-
agency.html](https://www.nytimes.com/2015/06/07/magazine/the-agency.html)

[1] [http://imgur.com/a/Rr8d3](http://imgur.com/a/Rr8d3)

[2] [https://www.facebook.com/gulfam.raj](https://www.facebook.com/gulfam.raj)

~~~
wmorein
I've seen a lot of cases of people's accounts being cloned and then being used
to re-friend their friends. I've always wondered a bit about what they are
going to be used for and I suspect this is one of the potential options.

~~~
pfarnsworth
They will contact the friends list and ask for money because they got into an
accident, foreign country, etc. This happened to my wife and her friends, but
luckily no one fell for it.

------
KirinDave
I'm just amazed at this entire series of threads. "Gosh, who knew violating
social network ToS by proxy and creating massive false consensus networks was
so easy?"

Everyone. Everyone should know.

We're watching this terrible trend rip apart the entire social proposition of
the internet after spending 2 decades trying and finally achieving buy in. And
here y'all are, hopefulls for a digital economy cheerfully defrauding the very
networks that will probably bet the monetization strategy for many startups
that pass through HN's doors.

The total lack of any personal responsibility here, or notion of
consequence... It stuns me.

~~~
LightskinKanye
The Tragedy of the Commons states that I am free to exploit this flaw. But we
as a society should probably do something about it

~~~
KirinDave
You are what I am talking about.

You are part of society. Your obligation is not only to find better ways to
stop it but to NOT DO IT. We are all free to make terrible choices that hurt
others. That doesn't mean we're compelled to do so because, "Welp, I guess
that's just how it goes."

~~~
LightskinKanye
Easy for you to say when you've had a company of yours acquired for millions.

What about those that are struggling to find a place to sleep, not give our
lives up to commuting, and pay our student debts?

What about the Rights Approach to ethics? Don't I have a right to be able to
eat?

What I am saying is that we as a society (but mostly the leadership of
Twitter) should act to make their service not a Common ground to be exploited.

------
tristanj
In their recent SEC filings, Twitter estimates around 5% of the MAUs are
spammers or bots. They also estimate they have 317 million MAUs, which when
you work it out gives around 16.7 million monthly spammers or bots.

Numbers come from their 2016 Q3 filing
[https://investor.twitterinc.com/secfiling.cfm?filingID=15645...](https://investor.twitterinc.com/secfiling.cfm?filingID=1564590-16-26749&CIK=1418091)

~~~
astrodust
I think that's an optimistically low estimate.

~~~
pavanky
Why ?

~~~
CharlesW
It's not possible to be completely sure that 5% isn't a reality-based
estimate, but it's typical for services like Twitter Audit and BotOrNot to
identify half or more of a celebrity's followers as bots.

For example, as I type this BotOrNot estimates that 34% of @RealDonaldTrump
followers, and 48% of @BarackObama followers, are real.

Just from being a nobody on Twitter who uses it almost every day, I'd also
agree that 5% is laughably optimistic.

~~~
jonknee
They are estimating active users, so it's a little hard to compare to follower
accounts. A spam account from 4 years ago that followed 1,000 people and
stopped would show up in 1,000 different places despite not being an active
user.

------
ChuckMcM
The question this sort of thing leaves me with is "Why does
{Twitter/Facebook/Google} permit this? What are they getting out of it?"

Its pretty clear what the bot guys get out of it, pay to promote services, pay
for followers, etc. They can monetize "fame" through the robotic horde. But as
this article and ones before it point out, these networks are generally quite
easy to spot. So why not take them out?

It probably isn't because they can pad 'subscriber growth' or 'MAU' numbers,
they appear to be only small components of that number. And while I could
imagine it may be hard to purge them at the moment, its been a problem long
enough that _someone_ in engineering must have figured out a system for taking
down large numbers of accounts.

The only thing I can come up with, and it is way too tin-hattish to really
count, is that it creates an "observable" for the underside of the Internet.
By watching what people are asking the twitter bots to do you can observe
other objectives that are perhaps less observable. There are some obvious
customers for that but I don't think they actually pay for that (except
perhaps by buying access to the Firehose)

~~~
mike_hearn
They don't "permit" this. I used to work on anti-bot technology at Google and
we put a lot of effort into fighting botting, in particular on Gmail. We were
quite successful at the time. Bot controlled accounts went from being a
problem that was threatening the viability of the service to being fairly
trivial. I don't know what it's like these days.

Anti-abuse teams tend to be relatively small. We aren't talking hundreds of
engineers here, we're talking like maybe 10-15 engineers. When you look at the
relative effectiveness of different networks, you can be comparing something
as trivial and random as whether one or two people happened to figure out a
good strategy or not. There is no need for conspiracy theories.

The costs of accounts on different networks is a reasonable proxy for
effectiveness at bot fighting. My favourite site has always been this one:

[https://buyaccs.com/](https://buyaccs.com/)

From a quick check it seems Twitter is getting better at it. Prices used to be
more like in the low $20/k range. Now the low end accounts are $45/k and if
you want PVAd/profiled it's up near $90. Compare to Gmail where the price is
more like $280/k. Or Facebook EN accounts, $120. Good to see my old colleagues
doing such a good job!

In the case of Twitter, my view is that their relatively low performance on
botting is a side effect of the whole social justice / campus politics
movement. I heard from a friend who works there that their focus was switched
almost entirely to fighting human abuse like people being nasty to each other,
political extremism, terrorism, etc. If you remember, just a few years ago
Twitter was being attacked in the media for being filled with trolling and
nastyness. So of course that became their priority. Anti-botting took a back
seat.

Nowadays there's suddenly a bout of anti-Russian hysteria. Suddenly bots are
in focus again. There are conspiracy theories about botted accounts being used
to convince people to change their political positions. Having worked in the
industry for years I am deeply skeptical about this. I never once saw bots
being used for political ends or anything even approaching it. There is a lot
of disinformation out there about Russia right now from western sources, and a
lot of paranoia that doesn't seem to be justifiable.

I'd guess RT does far, far more to create pro-Russian support than anything
happening on Twitter does.

~~~
zxcdw
> From a quick check it seems Twitter is getting better at it. Prices used to
> be more like in the low $20/k range. Now the low end accounts are $45/k and
> if you want PVAd/profiled it's up near $90. Compare to Gmail where the price
> is more like $280/k. Or Facebook EN accounts, $120. Good to see my old
> colleagues doing such a good job!

Perhaps there's just more demand?

> Nowadays there's suddenly a bout of anti-Russian hysteria. Suddenly bots are
> in focus again. There are conspiracy theories about botted accounts being
> used to convince people to change their political positions. Having worked
> in the industry for years I am deeply skeptical about this. I never once saw
> bots being used for political ends or anything even approaching it. There is
> a lot of disinformation out there about Russia right now from western
> sources, and a lot of paranoia that doesn't seem to be justifiable.

The fact that you've worked for Google on anti-botting and didn't see the
technique you were tasked to counter used for political means might be leaving
you biased. Without pointing fingers, I just want to state that there's
tremendous political opportunity in spreading misinformation via internet (via
any media really), it's amazing that in 2017 this isn't clear for _everyone_.

~~~
mike_hearn
My experience was that prices never really changed unless the difficulty of
creating/keeping accounts went up. Demand was pretty stable over time, only
supply changed.

And yes, of course my experience of what bots were used for left me "biased"
as to what they're used for. How is actual experience bias?

------
niftich
I'm not surprised. This has been a phenomenon for a very, very long time
[1][2][3][4][5][6][7][8].

[1]
[https://news.ycombinator.com/item?id=11905266#11906591](https://news.ycombinator.com/item?id=11905266#11906591)
[2]
[https://news.ycombinator.com/item?id=9170433](https://news.ycombinator.com/item?id=9170433)
[3]
[https://news.ycombinator.com/item?id=485659](https://news.ycombinator.com/item?id=485659)
[4]
[https://news.ycombinator.com/item?id=5525638](https://news.ycombinator.com/item?id=5525638)
[5]
[https://news.ycombinator.com/item?id=5501654](https://news.ycombinator.com/item?id=5501654)
[6]
[https://news.ycombinator.com/item?id=5996790](https://news.ycombinator.com/item?id=5996790)
[7]
[https://news.ycombinator.com/item?id=833188](https://news.ycombinator.com/item?id=833188)
[8]
[https://news.ycombinator.com/item?id=4346386](https://news.ycombinator.com/item?id=4346386)

------
mtgx
I think this story is getting more coverage than the one from a few months ago
that showed that, for instance, both Clinton and Trump had _millions_ of fake
accounts following them:

> _Per eZanga, 4.3 million—or 39 percent—of Trump 's more than 11 million
> Twitter followers as of August came from fake accounts while the other 6.7
> million are actually real users. And for Clinton, 3.1 million—or 37
> percent—of her more than 8 million followers were fake while 5.3 million
> come from real accounts._

[http://www.adweek.com/news/technology/more-third-
presidentia...](http://www.adweek.com/news/technology/more-third-presidential-
candidates-twitter-followers-are-reportedly-fake-173628)

350,000 is about 0.1% of Twitter's user base. Does anyone here think the
number of fake accounts isn't orders of magnitude higher than that?

------
ohnotthatguy
Anyone on twitter could've told you that. When you're followed by
"@hotttladie3" & "hotttladie453892", it's only reasonable to assume there is
also an @hotttladie4 through @hotttladie452891.

The problem with having a user reporting based plan for acting against fake
accounts in an environment where the psychological motivations of using the
service, if not to disseminate news, or maintain a closet standup comedian
habit, is affirmation. In almost every motivation for using the service, the
user has an incentive to keep their numbers up, whether they are real or not.
A huge part of the game is the number of followers.

Personally I'm just surprised that they've moved from advertising cam sites
(which could conceivably act as a secondary, almost passive income) to quoting
star wars novels while inflating numbers for people who pay for followers.
That's the aspect that confuses me, and makes me feel vulnerable.

~~~
andai
Which part of that confuses you? If it was the quoting SW part, my
understanding is that they used that as a simple source of human language.

------
sjs382
There was a "Ask HN:" post about Twitter bots the other day:
[https://news.ycombinator.com/item?id=13497235](https://news.ycombinator.com/item?id=13497235)

Strange that these bots aren't spammy but are posting every minute or two. I
wonder what they're for...

[https://twitter.com/superpolice001](https://twitter.com/superpolice001)

[https://twitter.com/superpolice002](https://twitter.com/superpolice002)

[https://twitter.com/superpolice003](https://twitter.com/superpolice003)

~~~
dceddia
Almost like one of those RSA/Google Authenticator/etc rotating numbers...
always 6 characters, seemingly random, somewhat pronounceable. Weird.

~~~
acqq
As it is twitted exactly every 2 minutes it can actually be a kind of current
confirmation or authentication code.

~~~
funnyfacts365
Dead man's switch?

------
Zikes
> A Twitter spokesman said the social network had clear policy on automation
> that was "strictly enforced".

> Users were barred from writing programs that automatically followed or
> unfollowed accounts or which "favourited" tweets in bulk, he said.

I am constantly getting followed by accounts with tens or hundreds of
thousands of follows and followers, usually checkmarked accounts though I've
never heard of them. It's painfully obvious these verified users are using
bots to randomly follow people, both to spam my inbox with "you have a new
follower" messages and to encourage people to "follow back".

But Twitter does nothing about it. It's not "strictly enforced" at all.

~~~
ryandrake
I have a twitter account but never use it (in fact never tweeted anything).
Every few years or so I get curious and log in and, lo and behold, I have
10-20 more followers than I did last time. Not sure if they are fake, bots,
random people, who knows?

------
chubot
This has become obvious to me after getting a few blog posts at the top of HN.

I just search for my domain on Twitter, and there are dozens of "people" who
do nothing but retweet hacker news articles. They are presumably doing this
for some kind of "reverse" reputation.

I'm interested if anyone has any more insight on this phenomenon. Maybe it's
as simple as convincing some naive users to follow them with links vetted as
high quality.

Examples:

[https://twitter.com/bartezzini](https://twitter.com/bartezzini) (123K tweets,
nothing but HN-type links and comments)

[https://twitter.com/EggmanOrWalrus](https://twitter.com/EggmanOrWalrus)
(15.7k tweets, ditto)

[https://twitter.com/MarkBeacham](https://twitter.com/MarkBeacham)

------
BugsJustFindMe
UCL has dropped the ball on marketing itself. If this had been a student at
MIT or Harvard, the article headline would have started with "MIT/Harvard
Researcher ..." instead of burying the school's name in tiny print in the
middle of the article.

~~~
epistasis
That's true for most universities. Some universities get billing in the
headline, most do not. This is not a function of the press department, but
about the editor's perception of the public's perception.

------
dgfgfdagasdfgfa
Bot accounts, not fake accounts. I don't even know what the latter
means—plenty of people don't associate twitter with their real name. And why
would you!

Secondly, of course there are this many. There are probably many more. I run
several bots myself; there's nothing wrong with this.

Twitter's TOS is only as good as its enforcement, and if there's anything
twitter is terrible at, it's having any control over its community.

~~~
geofft
"Fake" implies deception: it's fake because it counterfeits or forges
something else that is real.

An anonymous or pseudonymous Twitter account run by a human, in the way that a
human is expected to use a Twitter account, is not a fake account: it's real,
just pseudonymous. A bot account that's clearly a bot, like @big_ben_clock or
@choochoobot, isn't a fake account either: it doesn't pretend to be anything
other than what it is.

From the article: "These accounts did not act like the bots other researchers
had found but were clearly not being run by humans."

One thing a network of fake accounts could be doing is inflating follower
counts. A follow from a pseudonymous account that corresponds to an actual
human isn't fake. Even a constant factor or constant term from a small number
of humans with multiple accounts isn't particularly deceptive. But thousands
or millions of follows from accounts run by a handful of humans is deceptive.

Another thing a fake account could be doing is spreading propaganda by
creating the impression that many people agree with a political opinion, when
these "people" are just canned responses, or humans assisted by automation
(but capable of making human replies across large numbers of accounts).

~~~
dgfgfdagasdfgfa
Deception is a great feature. Why is that bad? I don't want Twitter to know my
name. Don't exclude me for valuing my own privacy! I'm certainly not "fake",
and neither are my interactions.

~~~
geofft
I'm not sure how you got that interpretation of "deception" out of what I
said. You're not fake, and I'm not excluding you. You're just also not
deceiving. I certainly don't think your real name is Dgfgfdagasdfgfa.

To repeat what I posted: _An anonymous or pseudonymous Twitter account run by
a human, in the way that a human is expected to use a Twitter account, is not
a fake account: it 's real, just pseudonymous._

------
sergiotapia
Twitter has become unbearable to use for news. Every single submission from
news stations to President Trump is filled with combo-replies from people. 1
dude will bombard the tweet, then a chick, then a different guy.

Example: [http://i.imgur.com/zbyM7YG.png](http://i.imgur.com/zbyM7YG.png)

You need to scroll down at least 5 load-more's to see regular people tweets.
It's a really terrible user experience that Twitter needs to solve.

~~~
iamatworknow
>You need to scroll down at least 5 load-more's to see regular people tweets.

I personally don't find much added value in those tweets, "regular people" or
not. They're basically YouTube comment level at this point.

~~~
andai
And it was at this moment andai that realised, that YouTube comments are
written by regular people.

~~~
ReverseCold
Oh really? I've seen a lot of bot like activity

~~~
andai
I meant (with a great sadness in my heart) that YouTube comments do indeed
come from relatively ordinary members of the human species.

I might be wrong, but I don't think we can simulate flame wars yet.

------
dmix
I remember hearing about this radio host who was competing with another host
to get more followers. Then over about a week one of his fans who owned a bot
net gave him 100k followers. He sent a DM saying "you're welcome, enjoy".

He already had about 250k followers so it wasn't a huge spike in that context
but it was interesting to think of the implications of that when you come
across a random account with 100k followers and 100 following... they might
not be as influential as it seems.

Also this was about a year ago and last I checked his follower account was
roughly the same.

Wasn't there a story on HN about a guy who created a fake identity and twitter
account with 20k followers and got invited (and paid?) to speak at a tech
conference?

------
dxhdr
Twitter says 5% of their MAUs are bots but this surely an underestimate.
Facebook estimates nearly 9% fake users which is also likely too conservative.
Bot traffic in ad fraud is even higher (30+%? every study is different, seems
difficult to measure).

So we have 5-9% as a lower bound and perhaps we can look at e-mail for an
upper bound with nearly 60% spam by volume.

------
pfarnsworth
Is this really a surprise?

I don't even use Twitter, and I have 4 different Twitter accounts. The amount
of fake accounts must be staggering, but there's no way Twitter will cull them
otherwise their MAU numbers will tank, and along with it, their ad rates, etc.

------
debt
This is a great way to spread fake news and get people to see it/engage with
it.

~~~
andai
Don't know why you were downvoted, as this is one of the most important uses
of bots.

Maybe people are sick of hearing the term.

There also seems to be some confusion about its meaning and its purpose.

------
ceedan
\- messages being posted only from Windows phones

The smoking gun. What real person still has one of those.

Disclaimer: I owned a Nokia Lumia 920 for > 2 years.

~~~
ascagnel_
Maybe the OAuth token for a popular WP app got leaked, and now anyone can
authenticate with it?

~~~
akjainaj
All OAuth tokens, even the official ones, are leaked at this point. Google
them.

------
monkmartinez
It is trivial to create a BOT type twitter account.

1\. Get burner email and phone number

2\. Post bot to DO, AWS or run it on a raspi

3\. ???

4\. Profit from all those sweet followers.

Many of them look entirely "real" or they can be hilariously obvious. I would
bet it is happening on Facebook, Instagram, Snap and any other social network
where "value" is derived from followers/eyeballs.

------
avip
The only surprising detail here is the small number mentioned (350K).

Twitter fake accounts are expected to be counted in MMs.

------
clarkenheim
if youve not read it already, here is an excellent interview with Andrés
Sepúlveda who has helped to "rig elections throughout Latin America for almost
a decade" partly through using twitter bots and similar techniques.
[https://www.bloomberg.com/features/2016-how-to-hack-an-
elect...](https://www.bloomberg.com/features/2016-how-to-hack-an-election/)

------
stevesearer
Anecdotally I've seen a huge uptick in spam/bots following my main account on
Twitter since the beginning of the year. Probably 50%+ of my new followers
have been accounts with no profile picture, no tweets, and close to zero
followers.

------
pluma
Everybody talks about bots but let's not forget that there are plenty of bot-
like accounts controlled by humans from poor countries for (fractions of)
pennies. You don't need a "hacker army", just a couple of bucks and a third-
world nation with good enough infrastructure. Look up "click farms".

The problem with this is that while bots can be detected (even if doing so is
an arms race) it's much harder to detect "bot" humans.

------
throwaway112991
this is relevant is as well:
[https://play.google.com/store/apps/details?id=com.hitwe.andr...](https://play.google.com/store/apps/details?id=com.hitwe.android&hl=en)
tldr: 'HitWe' it's a tinder-like dating app with 10M+ installs on google play
(haven't checked itunes). i came across it by browsing dating apps for fun.
most of the bad reviews (1-2 stars) are from people who claim it's 95% fake
profiles etc. many claim that women there just ask for their email etc. some
even claim to have paid some of the women which have then disappeared (but
that's being too naive, IMO. never pay someone you have never met.. ). there
are many many good reviews, but most are only with 5 stars and without any
text (which, to me, is another red flag).

anyway - the most interesting part here is that they actually managed to fool
google, up until this very moment! google recommended me to view their app..
spam does work !

ps - googling (ironic, i know) 'hitwe app scam' showed me this on the first
result: [http://www.datingbusters.com/hitwe-com-exposed-for-fake-
prof...](http://www.datingbusters.com/hitwe-com-exposed-for-fake-profiles-
throughout-their-site/)

i am interested in a response from one of google play's spam
engineers/managers ..

edit: spelling

edit2: it took me 0.5 secs to start sensing that it's a fake-boosted app. a
human reviewer at google could have just scanned the top 100x dating apps in a
single day and map out the fake apps. what do you think?

------
failrate
Oh, it's a lot more than 350k.

------
rch
Spam was a serious and growing problem before the major providers got serious
about filtering. For now I just report clickbait feeds as spam and hope for
the best.

~~~
andai
I thought, "ha, he'd need a botnet to make any noticeable impact", when I
thought, has anyone thought of that?

Using a network of bots to detect and report obvious bot accounts.

~~~
nicolas314
In the same spirit, there is at least one botnet dubbed Linux/Moose [1]
dedicated to penetrating home routers for the sole purpose of creating fake
followers on social networks. [1]
[http://www.welivesecurity.com/2016/11/02/linuxmoose-still-
br...](http://www.welivesecurity.com/2016/11/02/linuxmoose-still-breathing)

------
mtkd
in '08 or '09 I met a guy who was creating 100s or more accounts and paying an
overseas outsourcing company to curate longterm timelines properly (so not
just spam)

he genuinely didn't know why he was doing it at the time (he'd been heavily
involved in gaming Google rankings previously for credit card companies) and
it was at significant cost - but he was completely sure at some point it would
be useful

------
saycheese
Related research paper, "The 'Star Wars' botnet with >350k Twitter bots":

[https://news.ycombinator.com/item?id=13445289](https://news.ycombinator.com/item?id=13445289)

And another paper covering the topic:
[https://news.ycombinator.com/item?id=13445295](https://news.ycombinator.com/item?id=13445295)

------
chrisvogt
I get follows from obvious bots (bio: "click here for 5000 follows") very
regularly on Twitter, Instagram, and Facebook. Instagram almost always removes
the account, Facebook has always responded the account "doesn't violate the
rules", and Twitter I'm not sure about, but I always block and report that
garbage.

------
JohnTHaller
I thought everybody knew that a big chunk of Twitter works this way. I got to
see it in action just a couple weeks ago with a pro-Trump network of fake
Twitter accounts. I had the misfortune of having one of those
@TrumpRulesMAGA4Eva style Twitter accounts reply to something I'd written with
a standard pro-Trump meme. A couple people liked and favorited within an hour
or so and then nothing. Then late on a Saturday night several days later, a
whole network of Twitter accounts favorited and retweeted it. Most of them had
similar style names but some had generic ones or random character strings.
About half had an egg profile picture. Many of the others had tried to look
legitimate with real names and pictures of people but tineye reverse searches
showed 10,000+ hits on the images. Looking at the histories of the accounts,
they'd all been used similarly for months.

------
eriknstr
SoundCloud is full of fake accounts. I get a couple of new followers every now
and then and it feels like 95% of them have mentions of "buy followers". I
always report spam bots whenever I spot them on SoundCloud, Tinder, Facebook
and Reddit, so though I only have very few followers on SC I think all of them
are real people at least. It is very important to always report spam bots and
other types of disruptive fake accounts and I wish that everyone did. If
everyone did then it would be less profitable to run such accounts and then
there would be fewer of them and we would be bothered much less frequently.

------
alphydan
In a time where bots and AI are all the rage, it begs the question: Are some
bots on twitter more useful and insightful than actual people?

I remember a twitter bot (name escames me now) which would crawl pastebin and
tweet updates when passwords / DBs were leaked. It had lots of followers
(security researchers who found it very useful).

Most humans on twitter are boring and waste people's time with youtube style
comments. Most bots are spammy and waste time too. Why not allow both and let
people decide who they follow/ban?

------
jimnotgym
I found it interesting that a Member of parliament on twitter had hundreds of
obvious bot followers. I presumed he was buying 'popularity'. Maybe more
sinister. Lots of them very recent

~~~
stordoff
Hundreds out of how many? I get a fair number of bot followers on an account I
don't really care about.

------
eternalban
The paper:
[https://arxiv.org/pdf/1701.02405v1.pdf](https://arxiv.org/pdf/1701.02405v1.pdf)

------
thomasthomas
MAUs affect their stock price. MAUs are in their 10k IIRC, does the SEC look
into this? i'm not sure.

------
gesman
There is a whole industry of buying and selling social media "followers".

So I guess this is a product of this.

------
EJTH
I thought this was obious to everyone with a twitter account? I get random bot
follows all the time.

------
ensiferum
Standard stuff, you want media attention for your blog, twitter whatever?
You'll need to have a bot army to upvote your own stuff, relink and like your
content.

Having a botnet is now an essential part of building your social media
following.

------
campuscodi
On the same topic. I think he might have discovered the same botnet.
[http://sadbottrue.com/article/51/](http://sadbottrue.com/article/51/)

~~~
ceedan
To me, it seems like a set of QA/test accounts for Twitter to do load testing
and whatnot.

------
dbrian82
hi,i'm Brian, i had my friend help me hack my ex's email, facebook,
whatsapp,and his phone cause i suspected he was cheating. all he asked for was
a his phone number. he's email is (hotcyberlord425@gmail.com)..IF u need help
tell him Brian referred you to him and he'll help. Am sure his going to help
you do it, good luck

------
ggggtez
For everything people dislike about curation, you avoid these syble attacks

------
EJTH
Meanwhile Twitter banned yet another political youtuber @SargonOfAkkad,
doesn't seem like he did anything against Twitters ToS. Fed up with Twatter to
be honest.

~~~
orionblastar
Yeah I watched a few of his videos on Youtube. He makes fun of feminists and
sjws in his videos, so Twitter doesn't like that stuff and call it harassment
or bullying or whatever.

------
elastic_church
my bots would never be caught up in these criteria. they've been using NLP for
years

------
bikamonki
Twitter is broken. No news here.

------
econner
350,000 accounts is not a "massive network". This is all hype.

