January 20, 2017

Cybersecurity Experts Discover Botnet of 350,000 Twitter Accounts

An entire botnet of Twitter accounts that have the means to produce spam, manipulate debates, and shape public opinion in an insidious manner has been uncovered by researchers at University College London.

Juan Echeverria and Shi Zhou, two cybersecurity experts from the university, stumbled upon a Twitter botnet of over 350,000 automated accounts and found that it had existed undetected since 2013.

As the MIT Technology Review reports, the two researchers called it the “Star Wars botnet”. The very fact that the botnet remained undiscovered for years raises significant questions about how botnets are tracked and monitored, or whether they are at all. It has to be said that the two researchers discovered the botnet almost by accident.

The two researchers set out to find automated Twitter accounts first, proceeding to download details of six million English-speaking Twitter accounts that were randomly selected. That’s a small number, about 1% of the total Twitter accounts in existence.

As a feature, Twitter enables users to download 3,200 of the most recent tweets along with any geo-tags attached to these tweets. Upon mapping the locations of the tweets, the two researchers started to notice a pattern.

Although most of the tweets were located in densely populated areas of the world, as expected, the researchers noticed that a significant portion – some 23,000 tweets – were geo-located in remote, uninhabited locations including deserts and oceans, near Europe and the US.

Charting these locations on a map, the researchers discovered that they formed an area bounded by sharp edges and corners, forming two rectangles around the US and Europe. This led them to discover “two overlapping distributions”: one set of tweets from real users and the other, the researchers determined, from Twitter bots randomly choosing locations within the area.

The goal of such an operation, the researchers deduced, was to convince other real Twitter users that the tweets were created in the two continents, where Twitter is massively popular.

Other details from the researchers’ analysis show that the accounts had never published more than 11 tweets, did not have more than 10 followers and were all produced by ‘Twitter for Windows phones’.

The tweets themselves consisted of random quotations from Star Wars novels, which explains the name picked by the researchers.

A random search showed 3,000 bot accounts and the researchers wanted to dig deeper. With a machine-learning algorithm to recognize Star Wars bots, the researchers combed through a large database of 14 million English-speaking accounts.

The result? Nearly 350,000 accounts with the same characteristics, all of which were created in just a few days in June and July 2013.

It gets worse, however. The researchers claim to have discovered another botnet, this time with 500,000 accounts, details of which, they say, will be revealed soon.
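The account traits reported above can be combined into a simple triage filter. The following is an added example, not the researchers' machine-learning classifier: the `Account` fields, the 1,000 km scatter threshold, the four-trait cutoff and the sample accounts are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from math import asin, cos, radians, sin, sqrt

@dataclass
class Account:
    name: str
    created: date
    tweets: int
    followers: int
    source: str
    geotags: list = field(default_factory=list)  # (lat, lon) per geo-tagged tweet

def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) points in km."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def max_spread_km(tags):
    """Largest distance between any two of an account's geotags (0.0 if fewer than two)."""
    return max((haversine_km(a, b) for i, a in enumerate(tags) for b in tags[i + 1:]), default=0.0)

def matched_traits(acct, spread_km=1000.0):
    """Return the reported botnet traits this account matches."""
    checks = [
        ("few_tweets", acct.tweets <= 11),
        ("few_followers", acct.followers <= 10),
        ("windows_phone_source", "windows phone" in acct.source.lower()),
        ("created_jun_jul_2013", date(2013, 6, 1) <= acct.created <= date(2013, 7, 31)),
        # Assumption: random placement inside a continent-sized box scatters one account's tags.
        ("scattered_geotags", max_spread_km(acct.geotags) > spread_km),
    ]
    return [name for name, hit in checks if hit]

def is_suspect(acct, min_traits=4):
    """Flag for review only when several traits coincide; any one alone is common."""
    return len(matched_traits(acct)) >= min_traits

# Constructed sample accounts, not real data.
SAMPLES = [
    Account("sample_bot", date(2013, 6, 20), 9, 3, "Twitter for Windows Phone",
            [(36.5, -115.2), (47.1, -70.3)]),
    Account("sample_user", date(2015, 2, 1), 8, 6, "Twitter for iPhone",
            [(51.50, -0.12), (51.52, -0.10)]),
]

if __name__ == "__main__":
    for acct in SAMPLES:
        print(acct.name, matched_traits(acct), is_suspect(acct))
```

A quiet but genuine account matches the low tweet and follower counts on its own, which is why the filter requires several traits to coincide before flagging anything for review.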

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
