Twitter underground economy still going strong
by Jason Ding - Barracuda Labs - Tuesday, 2 July 2013.


Clearly, the differences are quite big between the duplicated fake accounts and their corresponding real accounts. Most of these statistics look very reasonable (dozens of tweets, followers and followings), except for the last one. Real users may tweet at any time and most likely have no obvious trends; hence, the timestamps at minute level are most likely unique, as shown in our result: 96% are unique. Additionally, the Tweet source is diverse: 24% from iPhone, 24% from Web, etc. However, we found that these fake accounts generally tweet several times in a brief period of a day, and then disappeared for a few days, and come back again. Sometimes, these tweets were created so fast, e.g., 5 different tweets with 60+ characters in 1 minute, that they cannot be typed by a normal user, but only by machines. This characteristic leads us to estimate that the percentage of unique tweet timestamps should be lower: only 35% after our computation and 98% of them are coming from Web.

From here, we can easily deduce how Dealers (or hackers) control thousands fake accounts:
  • Each account first is pushed in a processing queue
  • A thread worker then will pop the front account out and log in to Twitter, create several tweets and login out
  • Then, this account will be pushed in the back of the queue again, waiting for its next round.
Clearly, this process can be implemented easily by a software program and run automatically on computers. Still, repeating the process of logging in, tweeting, and logging out, for thousands of accounts, will take a significant amount of time; hence, it generally will take a few days for an account to tweet again. (Of course, Dealers can spend more money and time to remove this tweeting characteristic, for example, using more machines to speed up the turnaround or tweet once in each login.)

Overall, we clearly can observe a new trend on the Twitter follower trading business: Dealers are getting smarter to make these fake accounts look more authentic.

Spotlight

Free security software identifies cloud vulnerabilities

Posted on 21 October 2104.  |  Designed for IT and security professionals, the service gives a view of the data exchanged with partner and cloud applications beyond the network firewall. Completely passive, it runs on non-production systems, and does not require firewall changes.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Oct 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //