Cybersecurity Experts Discover Botnet of 350,000 Twitter Accounts

An entire botnet of Twitter accounts that have the means to produce spam, manipulate debates, shape public opinion in an insidious manner has been uncovered by researchers at the University College London.

Stumbling upon a Twitter botnet of over 350,000 automated accounts, Juan Echeverria and Shi Zhou, two cybersecurity experts from the educational institution also found out that the botnet had existed undetected, from 2013.

As the MIT Technology Review reports, the two researchers called it the “Star Wars botnet”. The very fact that the botnet remained undiscovered for years poses significant questions about the way in which botnets are tracked and monitored, or lack thereof. It has to be said that the two researchers discovered the botnet by stumbling upon it, almost by accident.

The two researchers set out to find automated Twitter accounts first, proceeding to download details of six million English-speaking Twitter accounts that were randomly selected. That’s a small number, about 1% of the total Twitter accounts in existence.

As a feature, Twitter enables users to download 3,200 of the most recent tweets along with any geo-tags attached to these tweets. Upon mapping the locations of the tweets, the two researchers started to notice a pattern.

Although most of the tweets were seen in densely populated areas in the world, as they should, researchers noticed that a significant portion – some 23,000 tweets – were geo-located in remote, uninhabited locations including deserts and oceans, near Europe and the US.

Charting these locations on a map, the researchers discovered that they formed an area bound by sharp edges and corners, forming two rectangles around the US and Europe. This led to them discovering “two overlapping distributions”, one set of tweets from real users and the other, the researchers determined, from Twitter bots randomly choosing locations within the area.

The goal of such an operation, the researchers deduced, was to convince other real Twitter users that the tweets were created in the two continents, where Twitter is massively popular.

Other details from the researchers’ analysis shows that the accounts had never published more than 11 tweets, did not have more than 10 followers and were all produced by ‘Twitter for Windows phones’.

The tweets themselves read random quotations from Star Wars novels, which explains the name picked by the researchers.

A random search showed 3,000 bot accounts and the researchers wanted to dig deeper. With a machine-learning algorithm to recognize Star Wars bots, the researchers combed through a large database of 14 million English-speaking accounts.

The result? Nearly 350,000 accounts with the same characteristics, all of which were created in just a few days in June and July 2013.

It gets worse, however. The researchers claim to have discovered another botnet, this time with 500,000 accounts. Details of which, they say, will be revealed soon.

Image credit: Pixabay.