Slashdot Mirror
3 Million Strong Botnet Grows Right Under Twitter's Nose (softpedia.com)
An anonymous reader writes: Somebody created a botnet of three million Twitter accounts in one single day, and Twitter staff didn't even flinch -- even if the huge 35.4 registrations/second should have caught the eye of any IT staffer. Another weird particularity is that the botnet was also synchronized to use Twitter usernames similar to Twitter IDs. Couple this with a gap of 168 million IDs before and after the botnet's creation, it appears that someone specifically reserved those IDs. The IDs were reserved in October 2013, but the botnet was registered in April 2014 (except 2 accounts registered in March 2014). It's like Twitter's registration process skipped 168 million IDs, and someone came back a few months later and used them. [Softpedia reports:] "The botnet can be found at @sfa_200xxxxxxx, where xxxxxxx is a number that increments from 0 000 000 to 2 999 999. All accounts have a similar structure. They have "name" instead of the Twitter profile handle, display the same registration date, and feature the text "some kinda description" in the profile bio field. Additionally, there are also two smaller botnets available as well. One can be found between @cas_2050000000 and @cas_2050099999. Sadbottrue says it was registered between March 3 and March 5, 2015. The second is between @wt_2050100000 and @wt_2050199999, and was registered between October 23 and November 22, 2014." Both have 100,000 accounts each. Theoretically, these types of botnets can be used for malware C and C servers, Twitter spam, or to sell fake Twitter followers. At 3 million bots, the botnet accounts for 1% of Twitter's monthly active users.
Does this mean that twitter is finally figuring out how to make a profit?
"National Security is the chief cause of national insecurity." - Celine's First Law
Staffers were probably thinking, "Oh good, a big juicy user-signup bonus check!", not unlike the no-doc loan grab that crashed the world economy.
Table-ized A.I.
Who cares!?
I thought the summary was well presented that even you could understand it.
Donald Trump is currently trying to explain/blame away the fact that $35k USD of his campaign funds have been paid to a pair of sketchy spammers. I wonder how many of these freshly minted twitter accounts are going to start blasting out pro-Trump whargarbl in the days to come?
Umm... not only does my code make professionals cry, but I'm not even a twitter user and I could grok this easily enough. How is this confusing, they simply list the user number ranges that were registered and how to view the bot accounts. What I would have liked to see is some information on how they were able to register so many accounts in such a short time. Whoever owns this twitter bonnet must also have access to a reasonably sized botnet; there's no way only a few IP addresses could register that many accounts that quickly. Perhaps that is the reason all the accounts were registered so quickly, but it seems like a poor strategy to avoid detection. I guess they are assuming twitter has no interest in dropping 1% of their users banning a single botnet.
I am proud to say I use 0% of Twitter.
Whatever.
This issue is a bit more complicated than you think.
If Twitter doesn't nuke these accounts pretty quickly, we can be pretty sure they are test accounts. I mean 3 million botnets could easily destroy twitter.
I think very telling is this part: "It's like Twitter's registration process skipped 168 million IDs, and someone came back a few months later and used them." Yes. Twitter reserved them and used them. They are the only ones who can line up user names with ids like that.
Democracy Now! - your daily, uncensored, corporate-free
I've seen some pathetic whining on here before but whining about maybe needing to actually read the article is an all new level of pathetic.
On the Oregon Cost born and raised, On the beach is where I spent most of my days
Sounds a LOT like you want more than a summary. Where details aren't always explained. Hence the reason it's called a summary...
Maybe try the article?
There are two types of people in the world: Those who crave closure
Please do not re-use the term botnet for this. That term was obviously used to overstate the importance of this story. This is the current definition of a botnet.
a network of private computers infected with malicious software and controlled as a group without the owners' knowledge, e.g., to send spam messages.
This isn't a botnet. This is botspam. And for all we know in 2014, Twitter wasn't even checking that new accounts were created through different ip addresses, for the simple reason that companies like Twitter often tout the number of accounts created on their platform as their own measure of success.
Twitter claims something like 5% of all accounts are fake/bots
Analysts mostly think that about 15% of all accounts are fake/bots
When was the last time you ever heard anyone say out loud "oh yeah I tweeted that"?
I think closer to 35% of all accounts are simply (mostly) harmless retweet accounts, 5% malicious accounts, 40% inactive accounts (in the last 30 days) and 20% actually login every couple of days, let alone daily or more than once a day.
How Twitter manages to convince advertisers' clients that they have a real audience to sell them is beyond me. On top of all these bot accounts Twitter has reported totally flat (0% year over year) user growth of active users. I can't wait for this massive pyramid scheme to come tumbling down in the next year or so.
moox. for a new generation.
Query large accounts and you find out, that 60% - 70% of their followers are either inactive or bot's.
This is one of the reason why twitter has no native tools to find and remove bots and inactive accounts. They need to look good for advertisers.
The whole thing appears to have been written by someone with very specific inside knowledge of a lot of technical details about Twitter.
It more reads like someone making a whole heap of guesses and reaching unsupported conclusions, based on what they think they know about technical details about Twitter. The English language mangling and failure to write clearly comes as special added bonus that only Slashdot can supply.
All the summary you need;
"Something odd happened on Twitter. It was probably something they did themselves and it's not clear why anyone but Twitter should care."
The summary is supposed to help me decide if I want to read the article* and comments. I know people complain about dumbing down, but it is possible to write a summary that is both intelligible by people not familiar with the jargon while still presenting some relevant technical detail.
In this case I think the use of the word "botnet" is highly misleading and adds to the confusion.
* ha ha, yeah ok
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
This isn't a botnet. This is botspam.
I thought the same thing when I started reading the summary.
I guess they don't know the difference.
We play the game with the bravery of being out of range
That ID gap is aligned with the 32-bit integer limit, which was manually breached as part of the 1st Tweetpocalypse (http://bit.ly/28MVIF3). It would seem likely to be internally created accounts that re-used that ID space later on.
Each Twitter account has a username, which can be changed anytime by the user, and a numeric ID which cannot be changed. The numeric ID is what's used to tie various database tables together, because it's immutable, so relationships between the account/tweets/friends/followers remain intact even if the username is changed. Much like Facebook, there's a way to access Twitter accounts using their numeric ID instead of their username by plugging the numeric ID into a URL. By iterating over the numeric IDs, fetching the corresponding URL for each one, you can determine the username that corresponds to each ID.
What the researchers here found interesting is that all of these bot-created Twitter accounts apparently correspond to two large blocks of numeric IDs which:
* Have no real user accounts inside them, which is odd, because real people are signing up for Twitter every second of every day. If these bot accounts were created by someone outside of Twitter using publicly available registration processes, you would expect some real users to be mixed in during the hours/days it took to create millions of bot accounts.
* Should have already been used up by the time these accounts were created. As an example, Slashdot is up to post IDs in the 52,000,000 range (yours is #52,365,077). If I was somehow able to make a million posts on Slashdot yesterday, it would be awfully strange if their post IDs turned out to be 6,000,001 - 7,000,000. Those IDs should have been taken by other peoples' posts a long time ago.
All of this hints at someone inside of Twitter being involved in creating these accounts, for whatever purpose.
"If there was a gay Afro-Puertorican Linux distribution, I'd give it a try" ~lucm