Duo Security, a U.S.-based firm, recently conducted research showing how hackers use Twitter to infiltrate millions of devices through user accounts on the social media app. After looking at research data, Duo Security found more than 15,000 Twitter spam accounts.
These accounts were created for the sole function of spamming cryptocurrency users, businesses, professionals and influencer accounts. The fake personas have also impersonated several popular digital asset personalities as a way to mislead users.
Cryptocurrency investment has proven to be immensely profitable, and as a result, its popularity has increased considerably with time. Unfortunately, as more cryptocurrencies emerge as avenues for making profits, so has the number of malicious impersonators within the space.
There has been an influx of new scams within the industry, designed to steal investors’ funds in different ways. Some examples are phishing scams perpetrated via email, pump and dump schemes, ICO scams and Ponzi schemes. Now, in the age of social media and internet technology, a new scam carried out with the use of bots and botnets has emerged.
What is a Bot?
A bot, also known as an internet bot, WWW robot or web robot, is a software application that runs scripts, otherwise known as automated tasks. They are internet robots that crawl the web and, depending on their design, improve the user experience on many websites. Bots are typically created to perform complex functions that a human would be slower and less efficient at.
They make up more than half of all web traffic and exist on many web pages. For example, some bots handle translation, comb data for patterns, and even crawl the web to gather information from different websites. Some bots are created for more mundane purposes like helping users with transport information and even stock trading. However, hackers have been able to develop several bots that spam apps like Twitter and have taken it a step further by putting these bots in clusters known as botnets.
What is a Botnet?
A botnet is a network of connected computers, which carry out specific tasks to ensure the smooth running of websites. They are usually implemented positively and used with internet relay chats. Unfortunately, malicious actors can turn these computer bot networks into a medium for gaining access to the devices of unsuspecting users. Botnets are only one example of the many positive internet technologies that have been turned into security threats that users must protect themselves against.
Botnets, especially those that advertise giveaways, often seem like obvious tactics to investors. However, the elaborate planning, creation and strategic positioning of these accounts have far more sinister motives. Duo believes that they are carefully executed cyberattacks.
How Do Botnets Work?
Botnets work by implanting malicious code on the device of a user, to gain control of it. Usually, this could happen in two ways:
- Through direct hacking of the device.
- Through the use of a program, known as a spider, that crawls the web looking for security vulnerabilities to exploit. This program automatically finds poorly secured devices and hacks them.
To perpetrate their Twitter scams, bots create an account that is a direct copy of a cryptocurrency-related business account. They also copy such things as the profile picture, name and bio of the account to make it look more convincing. Afterward, they place links in their bios or post crypto-related content with a link to attract users.
Usually, the link promises to lead to a free token giveaway, and new and unsuspecting investors jump at the chance to receive free tokens. To make the scam even more convincing, these accounts follow other high-value accounts. Other bots also like, comment on, and retweet their posts.
The purpose of hacking new computers is mostly to add them to the existing network of bots. This happens after the bot has tricked a user into downloading a trojan horse on their device. Following the download, the botnet sends a notification to its creator. This lets the creator know that the victim’s device can now be fully controlled.
What is the Botnet on Twitter?
Duo researchers specifically found that the huge Twitter botnet was created to spread giveaway scams as discussed above. In the process of carrying out its research and analysis, the company collected and examined data from more than 500 million tweets, spread over 88 million Twitter accounts. The study, which occurred between May and July 2018, involved the use of various data protocols on the Twitter API to isolate the data.
The 15,000 bots on the botnet exist in a three-tiered structure, spreading fake news and phishing links with the help of each other. These other fake accounts, known as amplification bots, are used to give credibility to the main bot account by leaving “likes” on scam tweets and engaging with them in other ways. This way, amateur investors view the tweets as legitimate and feel more comfortable clicking the phishing links.
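The cloning and amplification pattern described above can be screened for with simple heuristics. The following is an added example, not Duo's classifier or code from the original article; the field names, thresholds and sample accounts are assumptions made for illustration.

```python
import re
import unicodedata
from difflib import SequenceMatcher

URL = re.compile(r"https?://\S+")
LURE = re.compile(r"giveaway|airdrop|free\s+(?:tokens?|coins?)", re.I)

def norm(text):
    """Drop URLs, fold compatibility characters and case, keep letters/digits."""
    folded = unicodedata.normalize("NFKC", URL.sub("", text)).casefold()
    return re.sub(r"[^a-z0-9]", "", folded)

def similar(a, b, threshold=0.85):  # threshold is an assumed value
    return SequenceMatcher(None, norm(a), norm(b)).ratio() >= threshold

def impersonation_signals(acct, genuine):
    """Reasons an account looks like a scam clone of the genuine account."""
    if acct["handle"].casefold() == genuine["handle"].casefold():
        return []  # the genuine account itself
    signals = []
    if similar(acct["name"], genuine["name"]):
        signals.append("copied display name")
    if similar(acct["bio"], genuine["bio"]):
        signals.append("copied bio")
    if any(URL.search(t) and LURE.search(t) for t in [acct["bio"], *acct["tweets"]]):
        signals.append("giveaway link")
    return signals

def is_clone(acct, genuine):
    signals = impersonation_signals(acct, genuine)
    return "giveaway link" in signals and len(signals) >= 2  # lure + copied field

def amplifiers(likes, clones, min_likes=3, ratio=0.8):
    """Accounts whose likes go almost entirely to flagged clone accounts."""
    return sorted(liker for liker, targets in likes.items()
                  if len(targets) >= min_likes
                  and sum(t in clones for t in targets) / len(targets) >= ratio)

# Constructed sample data: every handle, name and URL below is made up.
GENUINE = {"handle": "examplecoin", "name": "ExampleCoin",
           "bio": "Official account of the ExampleCoin project."}
CLONE = {"handle": "examplec0in_", "name": "\uff25xampleCoin",  # fullwidth E
         "bio": GENUINE["bio"] + " https://tokens.example/claim",
         "tweets": ["Free tokens giveaway! https://tokens.example/claim"]}
FAN = {"handle": "coinfan42", "name": "Sam", "bio": "I like ExampleCoin.", "tweets": []}
LIKES = {"amp_01": ["examplec0in_"] * 4,
         "coinfan42": ["examplecoin", "examplec0in_", "newsdesk"]}
if __name__ == "__main__":
    flagged = {a["handle"] for a in (CLONE, FAN) if is_clone(a, GENUINE)}
    print(flagged, amplifiers(LIKES, flagged))
```

NFKC folding only catches compatibility forms such as fullwidth letters; look-alike characters from other scripts would need a separate confusables mapping.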
Duo was able to successfully use a specialized mechanism to identify these bot accounts and class them into a dataset, the largest one to date. The mechanism, known as a bot classifier, consisted of complex machine learning algorithms and was also used to map botnet activity. The company also stated that their classifier algorithm was configured to exclude human-operated automated bots from the study.
After the study was concluded, Duo released its processes, algorithms, tools, and techniques related to the study on GitHub. According to the security firm, this open source approach was taken so that other researchers and security professionals can use the data for their research. There is currently a lack of sufficient data on Twitter botnets, and the company considers this its contribution to solving that problem. The Duo botnet dataset is currently the largest in the world according to their claims.
The company also found a network of information, focused on the scope of bot activity and their influence on the Twitter app. They intend to use this data for more elaborate research that may lead to the development of defense mechanisms against such malicious networks.
According to a claim by Duo, Twitter has failed to completely shield its platform from the bot attacks that currently plague it. However, the platform has recently been making changes to crack down on such activity by malicious users and to improve botnet detection. This includes a massive bot sweep in July 2018 that eliminated millions of Twitter accounts. Unfortunately, there is more work to be done, especially in the case of this colossal botnet that continues to grow and evolve over time.
In recent times, bots have become a common name in cryptocurrency. From trading bots to stock prediction bots, they’ve become useful tools for carrying out different tasks. Unfortunately, there are two sides to every coin, and on the other side of this coin is a vast network of malicious bots with the intention to scam users. With growing security and caution within the space, hackers are finding more creative ways to steal from investors.
There are over 300 million monthly active users on Twitter, making it one of the biggest platforms. This also makes it one of the most potentially problematic social media applications where a cyber attack is concerned.
This is especially worrisome because scams can hit several million users around the same time if the botnet escalates. The web security community seems to be working hard to prevent this. Social media companies like Twitter and Facebook must work closely to ensure that user experience doesn’t deteriorate due to malicious bot activity.