Massive Cryptocurrency Botnet Scam Unearthed on Twitter
While fake cryptocurrency accounts on Twitter may come across as failed tactics aimed at amateur investors, a major security researcher believes the epidemic is an elaborately planned, carefully executed cyberattack consisting of thousands of spam accounts.
Crypto-Twitter Epidemic: Not Child’s Play
According to TechCrunch, U.S.-based Duo Security recently released a report that detailed the elaborate steps utilized by hackers to infiltrate millions of Twitter accounts. From this broad dataset, Duo found that “over 15,000” accounts were exclusively dedicated to spamming the official Twitter pages of digital asset businesses, in addition to impersonating cryptocurrency personalities.
Duo devised and executed a mechanism to identify Twitter account information, focusing solely on the extent of bot attacks and their influence on the microblogging giant. The security firm intends to use this data to support research into, and the prevention of, widespread bot attacks.
To collate data, Duo used data enrichment protocols on Twitter’s Application Programming Interface (API) to fish for details from 88 million public Twitter accounts while crawling over an estimated 500 million tweets.
Duo then used sophisticated machine learning algorithms to model a “bot classifier,” which was later used to map botnet activity. The classifier was built as “pure-play” rather than “hybrid,” meaning human-operated automated bots were left out of the study.
All Researchers Welcome
Interestingly, the firm made all its techniques and tools related to this study available as open source on GitHub. Duo attributes this move to the lack of sufficient information on Twitter bots, online and offline, and prides itself on creating the world’s largest “botnet database.” The company believes security enthusiasts and researchers can now use this data to conduct different, more elaborate studies.
Duo asserts that the total number of bots on Twitter is “likely much more” than 15,000, and that they employ a variety of methods to scam amateurs, with the company singling out the dreaded, and often annoying, “crypto giveaways.”
The company expressed surprise over Twitter’s inaction in protecting its platform from the risk of bot attacks, pointing out the blatant copying of legitimate Twitter accounts, such as those of news organizations, cryptocurrency businesses and personalities, and even the takeover of verified “blue tick” accounts.
Twitter Disregards Findings
The research also noted, in some instances, that Twitter placed these bot accounts in their “Who to Follow” list, giving rise to even more questions.
As stated in the report, a Twitter official confirmed the firm was “aware of this form of manipulation,” adding they are “proactively” developing account detection techniques to weed out deceptive accounts.
Playing down Duo’s research efforts, the Twitter spokesperson added:
“In many cases, spammy content is hidden on Twitter on the basis of automated detections. When spammy content is hidden on Twitter from areas like search and conversations, that may not affect its availability via the API. This means certain types of spam may be visible via Twitter’s API even if it is not visible on Twitter itself. Less than 5 percent of Twitter accounts are spam-related.”
Sophistication and How
Duo revealed cryptocurrency bots, in particular, had a “unique three-tier hierarchical structure,” meaning a majority of all bot accounts followed a particular tweeting pattern and maintained similar logic by not deviating much from their defined function.
The researchers also used a “social mapping” technique to determine the social connections of all bot accounts and found most of them were connected to each other in a distinct cluster, connected to several other such clusters.
All clusters were found to logically operate similarly, and bot owners were found to regularly change their tactics across the entirety of the botnet.
The social connection graph also confirmed that all bots “liked” and commented on each other’s posts throughout Twitter, in a process dubbed “artificial inflation” by Duo engineer Jordan Wright. Some bots were found to be present solely to retweet, like and comment on the principal, post-building bots.
Wright added:
“The goal is to give them an artificial popularity so that if I’m the victim and I’m scrolling through Twitter and I come across these tweets I’m more likely to think that they’re legitimate based on how often they’ve been retweeted or how many times they’ve been liked.”
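The cluster mapping and “artificial inflation” pattern described above can be sketched as a simple detection heuristic. This is an added example, not Duo’s classifier or its published tooling: the account names and data are constructed, and the rule used here (an account that never posts and only engages inside its own follow cluster is an amplifier) is an assumption made for illustration.

```python
from collections import defaultdict

# Constructed sample data, not taken from Duo's dataset; all account names are hypothetical.
FOLLOWS = [("amp1", "hub1"), ("amp2", "hub1"), ("amp1", "amp2"),
           ("hub1", "spoof1"), ("amp3", "spoof1"), ("alice", "bob")]
ACTIVITY = [  # (actor, action, target); target is None for an original post
    ("spoof1", "post", None), ("hub1", "post", None),
    ("amp1", "like", "spoof1"), ("amp1", "retweet", "spoof1"),
    ("amp2", "like", "spoof1"), ("amp2", "retweet", "hub1"),
    ("amp3", "like", "spoof1"), ("carol", "like", "spoof1"),
    ("bob", "post", None), ("alice", "post", None), ("alice", "like", "bob"),
]

def clusters(edges):
    """Map each account to a cluster id (connected component of the follow graph)."""
    adj = defaultdict(set)
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    label = {}
    for start in sorted(adj):
        if start in label:
            continue
        label[start], stack = start, [start]
        while stack:
            for nxt in adj[stack.pop()]:
                if nxt not in label:
                    label[nxt] = start
                    stack.append(nxt)
    return label

def amplifiers(activity, label):
    """Accounts with no original posts whose every engagement stays inside their cluster."""
    posted, engaged = set(), defaultdict(list)
    for actor, action, target in activity:
        if action == "post":
            posted.add(actor)
        else:
            engaged[actor].append(target)
    return {a for a, targets in engaged.items() if a in label and a not in posted
            and all(label.get(t) == label[a] for t in targets)}

def inflated_share(activity, amps):
    """Per target account: fraction of received likes/retweets that came from amplifiers."""
    total, fake = defaultdict(int), defaultdict(int)
    for actor, action, target in activity:
        if action != "post":
            total[target] += 1
            fake[target] += actor in amps
    return {t: fake[t] / total[t] for t in total}
```

On the sample data, the impersonating account receives most of its engagement from accounts inside its own cluster, while the one like from an unconnected account (“carol”) is not counted as inflation.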
Duo researchers describe the attacks as a sophisticated and highly elaborate method of cyber-scamming. The firm has even turned its findings into a case study, primarily due to the scam’s hierarchy, organization and extent.