3 Million Strong Botnet Grows Right Under Twitter's Nose (softpedia.com)
An anonymous reader writes: Somebody created a botnet of three million Twitter accounts in one single day, and Twitter staff didn't even flinch -- even if the huge 35.4 registrations/second should have caught the eye of any IT staffer. Another weird particularity is that the botnet was also synchronized to use Twitter usernames similar to Twitter IDs. Couple this with a gap of 168 million IDs before and after the botnet's creation, it appears that someone specifically reserved those IDs. The IDs were reserved in October 2013, but the botnet was registered in April 2014 (except 2 accounts registered in March 2014). It's like Twitter's registration process skipped 168 million IDs, and someone came back a few months later and used them. [Softpedia reports:] "The botnet can be found at @sfa_200xxxxxxx, where xxxxxxx is a number that increments from 0 000 000 to 2 999 999. All accounts have a similar structure. They have "name" instead of the Twitter profile handle, display the same registration date, and feature the text "some kinda description" in the profile bio field. Additionally, there are also two smaller botnets available as well. One can be found between @cas_2050000000 and @cas_2050099999. Sadbottrue says it was registered between March 3 and March 5, 2015. The second is between @wt_2050100000 and @wt_2050199999, and was registered between October 23 and November 22, 2014." Both have 100,000 accounts each. Theoretically, these types of botnets can be used for malware C&C servers, Twitter spam, or to sell fake Twitter followers. At 3 million bots, the botnet accounts for 1% of Twitter's monthly active users.
Does this mean that twitter is finally figuring out how to make a profit?
"National Security is the chief cause of national insecurity." - Celine's First Law
In Numbers Too Large To Ignore. Unless you are a twit.
This summary seems chock full of details unique to the implementation of Twitter that you would have to know in order to understand the summary. As per Slashdot usual, I can't be bothered to read the actual article. You shouldn't have to read the actual article in order to understand the summary! I don't want to understand this badly enough to see if the article actually explains the summary. Double fault: I don't want to know if the article does explain this enough to read the actual article. Why then am I posting this, you might ask? Because it seemed more fun than attempting to answer the above questions. Bonus darts for anyone who attempts to criticize me on any of these points without getting this far in my post!
Staffers were probably thinking, "Oh good, a big juicy user-signup bonus check!", not unlike the no-doc loan grab that crashed the world economy.
Table-ized A.I.
Who cares!?
Are you a twit?
PUTIN! PUUUUTIIIINNNNN!
I thought the summary was well presented that even you could understand it.
Donald Trump is currently trying to explain/blame away the fact that $35k USD of his campaign funds have been paid to a pair of sketchy spammers. I wonder how many of these freshly minted twitter accounts are going to start blasting out pro-Trump whargarbl in the days to come?
Umm... not only does my code make professionals cry, but I'm not even a twitter user and I could grok this easily enough. How is this confusing, they simply list the user number ranges that were registered and how to view the bot accounts. What I would have liked to see is some information on how they were able to register so many accounts in such a short time. Whoever owns this twitter botnet must also have access to a reasonably sized botnet; there's no way only a few IP addresses could register that many accounts that quickly. Perhaps that is the reason all the accounts were registered so quickly, but it seems like a poor strategy to avoid detection. I guess they are assuming twitter has no interest in dropping 1% of their users banning a single botnet.
I thought the summary was well presented that even you could understand it.
I thought the summary was well presented.
Really?
Another weird particularity is ....
WTF does that mean? WTF is a "weird particularity"?
synchronized to use Twitter usernames similar to Twitter IDs
WTF is a "Twitter ID"? Where is this Twitter ID? I looked at a bunch of Tweets by a few different people and don't see anything. How do you find someone's Twitter ID?
a gap of 168 million IDs before and after the botnet's creation
Is that 168 million before AND 168 million after? Why is that important? Where/How would you find this information?
it appears that someone specifically reserved those IDs. The IDs were reserved in October 2013, but the botnet was registered in April 2014
How do you "reserve" a Twitter ID?
The whole thing appears to have been written by someone with very specific inside knowledge of a lot of technical details about Twitter. And in true Slashdot fashion, none of it is presented in a way that makes sense or answers any questions.
I am proud to say I use 0% of Twitter.
Whatever.
This issue is a bit more complicated than you think.
If Twitter doesn't nuke these accounts pretty quickly, we can be pretty sure they are test accounts. I mean 3 million botnets could easily destroy twitter.
I think very telling is this part: "It's like Twitter's registration process skipped 168 million IDs, and someone came back a few months later and used them." Yes. Twitter reserved them and used them. They are the only ones who can line up user names with ids like that.
Democracy Now! - your daily, uncensored, corporate-free
I've seen some pathetic whining on here before but whining about maybe needing to actually read the article is an all new level of pathetic.
On the Oregon Coast born and raised, On the beach is where I spent most of my days
Sounds a LOT like you want more than a summary. Where details aren't always explained. Hence the reason it's called a summary...
Maybe try the article?
There are two types of people in the world: Those who crave closure
As an extweep, those are test accounts that had their private flag flipped for a test
Please do not re-use the term botnet for this. That term was obviously used to overstate the importance of this story. This is the current definition of a botnet.
a network of private computers infected with malicious software and controlled as a group without the owners' knowledge, e.g., to send spam messages.
This isn't a botnet. This is botspam. And for all we know in 2014, Twitter wasn't even checking that new accounts were created through different ip addresses, for the simple reason that companies like Twitter often tout the number of accounts created on their platform as their own measure of success.
Twitter claims something like 5% of all accounts are fake/bots
Analysts mostly think that about 15% of all accounts are fake/bots
When was the last time you ever heard anyone say out loud "oh yeah I tweeted that"?
I think closer to 35% of all accounts are simply (mostly) harmless retweet accounts, 5% malicious accounts, 40% inactive accounts (in the last 30 days) and 20% actually login every couple of days, let alone daily or more than once a day.
How Twitter manages to convince advertisers' clients that they have a real audience to sell them is beyond me. On top of all these bot accounts Twitter has reported totally flat (0% year over year) user growth of active users. I can't wait for this massive pyramid scheme to come tumbling down in the next year or so.
moox. for a new generation.
All accounts TFA links to are protected. How are you going to "Twitter spam" if no one can see your tweets? Maybe they're internal accounts, or used for sensor data, or for some network experiment. Why should we care?
Query large accounts and you find out that 60% - 70% of their followers are either inactive or bots.
This is one of the reasons why twitter has no native tools to find and remove bots and inactive accounts. They need to look good for advertisers.
Well, I certainly cannot understand what a 'Twitter ID' is or how one can reserve them, or why any of that matters.
A twitter user has a username. That's what I know. How those are related to 'Twitter IDs', I haven't the faintest clue.
(I'm not a Twitter user either.)
The whole thing appears to have been written by someone with very specific inside knowledge of a lot of technical details about Twitter.
It more reads like someone making a whole heap of guesses and reaching unsupported conclusions, based on what they think they know about technical details about Twitter. The English language mangling and failure to write clearly comes as special added bonus that only Slashdot can supply.
All the summary you need;
"Something odd happened on Twitter. It was probably something they did themselves and it's not clear why anyone but Twitter should care."
The summary is supposed to help me decide if I want to read the article* and comments. I know people complain about dumbing down, but it is possible to write a summary that is both intelligible by people not familiar with the jargon while still presenting some relevant technical detail.
In this case I think the use of the word "botnet" is highly misleading and adds to the confusion.
* ha ha, yeah ok
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Agreed, just what we need: a delay in registrations to report a disaster should one ever occur. "Your account is being created you are in queue position #100 of 9,000,000 estimated time remaining... 300 years 11 months 6 days"
Did Hillary just gain a few million twitter followers?
How did they register without a phone number? Or is this Gemalto backed op
Who cares? It's twitter. I cannot believe there are really that many people that use it, it blows my mind. Here's an idea for a /. poll, do you give a *$#% about twitter if so are you A) 16 years old, B) a Celebrity or C) A social justice warrior who thinks they can change the world by copy pasting one word messages
This isn't a botnet. This is botspam.
I thought the same thing when I started reading the summary.
I guess they don't know the difference.
We play the game with the bravery of being out of range
Most of us thought Twitter was paranoid, especially with all of his sock puppets. 3 million botnets here on /.all posting for Microsoft? And all under his nose? Who'd of thunked that.. Oh wait, this article was talking about Twitter the Social Media Site, not Twitter the Troll? Is this the way out?
That ID gap is aligned with the 32-bit integer limit, which was manually breached as part of the 1st Tweetpocalypse (http://bit.ly/28MVIF3). It would seem likely to be internally created accounts that re-used that ID space later on.
Each Twitter account has a username, which can be changed anytime by the user, and a numeric ID which cannot be changed. The numeric ID is what's used to tie various database tables together, because it's immutable, so relationships between the account/tweets/friends/followers remain intact even if the username is changed. Much like Facebook, there's a way to access Twitter accounts using their numeric ID instead of their username by plugging the numeric ID into a URL. By iterating over the numeric IDs, fetching the corresponding URL for each one, you can determine the username that corresponds to each ID.
What the researchers here found interesting is that all of these bot-created Twitter accounts apparently correspond to two large blocks of numeric IDs which:
* Have no real user accounts inside them, which is odd, because real people are signing up for Twitter every second of every day. If these bot accounts were created by someone outside of Twitter using publicly available registration processes, you would expect some real users to be mixed in during the hours/days it took to create millions of bot accounts.
* Should have already been used up by the time these accounts were created. As an example, Slashdot is up to post IDs in the 52,000,000 range (yours is #52,365,077). If I was somehow able to make a million posts on Slashdot yesterday, it would be awfully strange if their post IDs turned out to be 6,000,001 - 7,000,000. Those IDs should have been taken by other people's posts a long time ago.
All of this hints at someone inside of Twitter being involved in creating these accounts, for whatever purpose.
"If there was a gay Afro-Puertorican Linux distribution, I'd give it a try" ~lucm
Thanks. I had a hunch that it had something to do with database IDs (primary keys), but the summary did not make that mental link easy to make.
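The check described in the comment above on numeric IDs (accounts whose sequential ID is older than their registration date, sitting in an unbroken block), as an added example that is not part of the original thread or any Twitter code. The records, the `(id, username, created_at)` layout and the one-day tolerance are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records (id, username, created_at); not real Twitter data.
SAMPLE = [
    (1000, "alice", datetime(2013, 10, 1)),
    (1001, "bob", datetime(2013, 10, 1)),
    (1002, "sfa_1002", datetime(2014, 4, 17)),
    (1003, "sfa_1003", datetime(2014, 4, 17)),
    (1004, "sfa_1004", datetime(2014, 4, 17)),
    (1005, "carol", datetime(2013, 10, 2)),
    (1006, "dave", datetime(2013, 10, 3)),
]

def out_of_order(records, tolerance=timedelta(days=1)):
    """IDs registered later than some HIGHER id by more than `tolerance`.
    With sequential allocation, a lower id should never be much newer."""
    flagged, earliest_above = [], None
    for acc_id, _name, created in sorted(records, reverse=True):
        if earliest_above is not None and created > earliest_above + tolerance:
            flagged.append(acc_id)
        if earliest_above is None or created < earliest_above:
            earliest_above = created
    return sorted(flagged)

def contiguous_blocks(ids):
    """Collapse a sorted id list into (first, last) runs with no gaps."""
    blocks = []
    for i in ids:
        if blocks and i == blocks[-1][1] + 1:
            blocks[-1] = (blocks[-1][0], i)
        else:
            blocks.append((i, i))
    return blocks

def name_embeds_id(acc_id, username):
    """True when the trailing digits of the username equal the numeric id."""
    m = re.search(r"(\d+)$", username)
    return bool(m) and int(m.group(1)) == acc_id

def report(records):
    """One summary per unbroken block of out-of-order accounts."""
    by_id = {r[0]: r for r in records}
    out = []
    for first, last in contiguous_blocks(out_of_order(records)):
        members = [by_id[i] for i in range(first, last + 1)]
        out.append({
            "range": (first, last),
            "size": len(members),
            "all_names_embed_id": all(name_embeds_id(i, n) for i, n, _ in members),
        })
    return out
```

A block with no in-order accounts mixed in and usernames that track the ID is the pattern the comment argues points to pre-allocated ID space rather than public sign-ups.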