
Massive Twitter Botnet - conductor
http://cryptome.org/2014/03/massive-twitter-botnet.htm
======
fiatpandas
Don't really understand the implied connection to NSA or GCHQ. My theory as to
why Snowden is popping up in some of the tweets is because the bots are
probably using something like Markov Chains to generate real sounding (as far
as Twitter spam detection is concerned) tweets sourced from trending content.

The accounts would then be sold as followers, which is an attractive service
to some for a variety of reasons

~~~
dpeck
The Markov stuff seems like such a poor approach. Though you can get by with
it in 140 characters better than other places.

Twitter provides a public stream of tweets. Simply pull tweets out of that, if
it doesn't contain another users name or url, etc. Distribute out to one of
your bots, weighted by chattiness. Get fancy and have some sort of baysian
filtering for what category bucket it falls into and give your bots interests.

~~~
glomph
Wouldn't that be trivial to detect for their spam filters?

~~~
dpeck
Maybe? They never did anything with the proof of concept ones I worked up, but
I never did anything with them other than basic interactions with the network.

I'd guess there are enough duplicate tweets. "Another crappy day at work",
"looking forward to dinner tonight", "going to see my sister this weekend!",
etc. That I doubt it'd be a very useful heuristic.

~~~
simcop2387
I actually did that and let it run for a week. It got flagged for spam pretty
quickly. I suspect because it was a pretty similar tactic to avoid filters.

------
drakaal
I run several Twitter "Bot Nets".

First, They aren't really nets, they all run on a single server (ok they run
on appengine so they aren't quite a single but they aren't a "bot net"). But
they control about 7500 accounts, and I have about 80k accounts I own.

Second, Some of them do have real uses. They respond to certain events when
they happen. Might be a keyword in a news story, might be something else.
Sometimes that is to get the word out for good, sometimes for bad.

Let's say you have a company you like, and you want to drive readership of
good new. My bots would provide positive reinforcement to the authors and
sharers of those articles. Like giving HN karma, but on twitter. The person
who shared the article sees "imaginary bot favorited your tweet" and suddenly
thinks "I should tweet about that company more often".

Other times I use the bots to do things like "pruning" bad ideas. I have a bot
that looks like a Nazi. Acts like a nazi and talks like a hick. When certain
racist remarks or bits of misinformation are shared it responds with positive
reinforcement. Many people then re-evaluate if they want to say thing the Nazi
agrees with.

Rarely do I use my "bots" for nefarious purposes. Sometimes for personal gain,
but not for anything "evil".

-Brandon Wirtz

The NSA knows where to find me too.

~~~
PhasmaFelis
> _Rarely do I use my "bots" for nefarious purposes. Sometimes for personal
> gain, but not for anything "evil"._

I can't tell if you actually believe that, or if you're just trolling.

------
paulmd199
35000 was the tip of the iceberg, it was a small sampling, not an exhaustive
list. I'm only one guy with no power-toys. In all honesty, this is probably a
million-account-plus botnet.

There is a possibility that this was a botnet that sells followers. I know
that this one wasn't into retweeting or linking to anything, though such
botnets do exist.

I wasn't able to prove that is the case with that particular network, as there
were a number of "following nobody, and nobody follows" accounts. But I've
found another that for sure is in the business of so doing. How does one
person with only four very banal tweets get 4000 followers? It turns out that
his followers are indeed bots. This network I will be collecting too. Maybe it
will turn out to overlap.

@paulmd199

PS: I won't insist on the theory that it's government sponsored bot. it could
well be commercial, or just run by some jerk.

~~~
diminoten
I fail to see the reason behind your panicked verbiage. You seem genuinely
upset by this discovery, care to explain why?

Also, it'd be interesting to read some of your reasons for believing this is
in any way, shape, or form a "government sponsored bot". By saying that
without any reasoning, you're placing yourself squarely in the "tinfoil hat"
camp.

~~~
jnbiche
Look, I agree that this is probably commercial spamming, not government, but
let's cut out the "tinfoil hat" bullshit accusations, OK? It's ad hominem
_and_ it's often meant to suppress speculation about possible government
misdeeds.

Many of those who were accused of wearing tinfoil hats because of their views
on government surveillance turned out to be pretty reasonable after all, no?

~~~
diminoten
By definition, "tinfoil hat" has to do with a poorly supported argument, e.g.
a conspiracy theory. If anything, it's begging the question.

At any rate, no, I will not stop it. This guy is crying wolf and he needs to
be called on it.

~~~
jnbiche
>At any rate, no, I will not stop it.

Fine, keep pulling that term out on HN and you will be seen as a provocateur,
whether or not you actually are one.

Edit: And in case it's not clear, I actually do agree that the "botnet" likely
has no connection to the government.

~~~
diminoten
Seen by _you_ as a provocateur, which frankly I'm alright with, Internet
stranger.

------
paulmd199
Update on this: I can now firmly say that this is a retweet scam.

See:

[https://twitter.com/MarissaTanyat](https://twitter.com/MarissaTanyat)

Who also tweeted the following:

#GetInShape with my online #training
[https://twitter.com/Obi_Obadike/status/443220721888546816](https://twitter.com/Obi_Obadike/status/443220721888546816)

Snowden Haarp.... (which connects it to the same botnet)
[https://twitter.com/MarissaTanyat/status/443534242820001792](https://twitter.com/MarissaTanyat/status/443534242820001792)

So officially, they're only spammers, not spooks.

PS: Did I mention that I still despise spammers?

~~~
paulgb
Scammers, too, assuming that whoever paid for the retweet wasn't told that the
only followers were other bots.

------
mey
I feel like I am missing something, I don't see why this is interesting. It
doesn't sound like the "botnet" has any objective beyond being annoying. No
propaganda, no ads, etc.

Waste of resources sure, but interesting results have come out of these
accounts like
[https://en.wikipedia.org/wiki/Horse_ebooks](https://en.wikipedia.org/wiki/Horse_ebooks)

~~~
lalos
I thought @horse_ebooks was an experimental art thing and not a bot at all

~~~
mey
Oddly it was first a bot then an ARG of some sort (the account was sold).

------
scottmp10
This is not a particularly informative article but I see great value in owning
a Twitter botnet. As one example, imagine negative news about a major public
company starts trending. That would certainly be a money-making opportunity.
There are also hard-to-disprove rumors that you could blackmail high profile
people with. Celebrities probably don't want to be trending on Twitter for
having an affair, even if it is a fake report.

So I am not at all surprised that people are investing in building up tons of
what appear to be legit, active accounts.

~~~
at-fates-hands
>>> There are also hard-to-disprove rumors that you could blackmail high
profile people with.

This is exactly how the GCHQ use Twitter:

[http://www.techdirt.com/articles/20140224/17054826340/new-
sn...](http://www.techdirt.com/articles/20140224/17054826340/new-snowden-doc-
reveals-how-gchqnsa-use-internet-to-manipulate-deceive-destroy-
reputations.shtml)

"Among the core self-identified purposes of JTRIG are two tactics: (1) to
inject all sorts of false material onto the internet in order to destroy the
reputation of its targets; and (2) to use social sciences and other techniques
to manipulate online discourse and activism to generate outcomes it considers
desirable"

------
fakeanon
I saw a post about textfile stenography, maybe linked from here or reddit. It
used a source text (the example might've been from textfiles.org or a site
like that) to hide messages, which looked like the text with glitches or typos
or something. I don't not where it is. Here is something that encodes messages
so that they look like spam:
[http://www.spammimic.com/](http://www.spammimic.com/)

Y'know how people control botnets with irc or webposts? Maybe it is something
like that, as other have speculated. But them why would they be posting
messages lots of times? That's a problem in my ideary.

~~~
paulgb
Kind of like a modern version of a numbers station[1]. I love to think that
this is the explanation, but it's probably more mundane.

[1]
[http://en.wikipedia.org/wiki/Numbers_station](http://en.wikipedia.org/wiki/Numbers_station)

~~~
nisa
the FSB got caught using YouTube comments.. I'ts only a german source (but a
legit newspaper, afaik): [http://www.op-marburg.de/Lokales/Marburg/Youtube-
Kommentare-...](http://www.op-marburg.de/Lokales/Marburg/Youtube-Kommentare-
und-tote-Briefkaesten)

FTA (Google Translate, slighty modified): However, there were still "other
channels" as Attorney Siegmund said: In the "Line D1" the spies took simply
Youtube-videos on the Internet. Under harmless videos they put under collusive
usernames hidden messages. And then there was, according to the investigators
nor the agent Vintage bounce points, mainly in North Rhine-Westphalia. There,
hidden mechanical engineer Andreas stop documents that were picked up by
members of the Russian headquarters.

They were even links to accounts.. can't find a better source at the moment.

------
UVB-76
I wouldn't call 35,000 accounts "massive"

Fake accounts are literally everywhere on Twitter. I have no doubt there are
"botnets" out there that are far more sophisticated, more difficult to detect,
and contain many more accounts than this.

~~~
wcummings
He said 35,000, in a small sample

------
guoqiang2
Twitter Fake profile research: [http://barracudalabs.com/2013/07/twitter-
underground-economy...](http://barracudalabs.com/2013/07/twitter-underground-
economy-still-going-strong/)

~~~
paulmd199
Thanks, this is very informative.

------
ChuckMcM
It would be interesting to speculate on what is achieved by this botnet.
Perhaps an overall traffic metric? Or air-cover for legitimate traffic? Tin
foil hatters probably can find a covert comms network in there somewhere.

~~~
UVB-76
Selling followers.

The accounts make tweets to appear active and legitimate; they are given
profile pictures lifted from other accounts, etc.

~~~
ryandrake
OK, maybe I'm dense. So I buy 10,000 nonexistent Twitter followers. How does
that benefit me?

~~~
GeneralMayhem
Makes you look more credible to the next 10,000, who will hopefully be real
people.

------
kaivi
Looks like a boot camp for bots, which will be sold for retweets or as
followers. After the customer pays for N retweets, the bots usually get
slaughtered by Twitter team.

------
jgalt212
Not to sound flip, but my programmatic experience with Twitter, leads me to
believe most of it seems to be one big botnet. Do any largish API crawl of
Twitter and you'll be amazed by the large % of inactive accounts or non-
sensical accounts (which I assume to be bots)

My personal experience (where I mostly follow news organization feeds) is
different.

In short, in my experience it seems Twitter is great as a broadcasting medium
and not so great as a two way communications medium.

------
scottmcleod
Its just someone selling followers - he's overlapping his network to follow
each other and then follow external. Maybe waiting to build legitimate
followings for business, or selling followers for vanity.

He has automation for content generation but the algorithms/spinning sucks so
less unique content is generated. There are many many botnets of larger and
smaller sizes, but same shit applies on Facebook, Instagram and Tumblr (x100).

------
trevoragilbert
This could just be a university research project. I read about a similar one
last year that was focused on how to create bots that mimic human behavior.
Obviously this one would be a much larger scale, but think that knee-jerk
reaction of "shut it down!" is overly aggressive without knowing all the
facts.

~~~
TazeTSchnitzel
My initial reaction was that there's either some sort of stenography going
here (command and control?), or the botnet owner's having some fun.

~~~
trevoragilbert
"Spurned botnet employee left with access to Twitter accounts, tweets millions
of times"

------
superguest
If I was socks I'd definitely be steering the discussion in a direction that
made you think psychological manipulation through social media platforms was
purely the realm of fantasy, then give you all kinds of other suedo-reasons
that a massive botnet could be used for.

------
gchokov
There was speculation that the social networks will outplace the traditional
media, but to some extent, this will not happen. Fake social accounts and
handles are already everywhere nowadays, and they indeed cause good poisoning
on search results.

------
aalpbalkan
I tried some of those twitter handles and they're already suspended.

------
bhartzer
Why hasn't Twitter shut it down yet? There has to be some sort of reason for
it--unless it's the same reason why spammers keep spamming blogs...

~~~
camus2
Growth hacking.

~~~
eli
Hanlon's razor would offer another conclusion.

------
willvarfar
That all the bots say much the same thing is a bit sloppy. If I had a bot net,
I'd add some automated variety to the messages.

------
Cless
Would be interesting if Twitter created their own bot to make it seem like
they have more active users than they actually do.

~~~
joeblau
That reminds me of the payola concept where record labels would buy CDs to
bolster first week record sales.

~~~
aestra
This is a well known way to get on to the New York Times Best Seller List.

[http://en.wikipedia.org/wiki/The_New_York_Times_Best_Seller_...](http://en.wikipedia.org/wiki/The_New_York_Times_Best_Seller_list#Criticisms)

------
scottmcleod
You caught me!

