Cybersecurity firm Duo Security has released an analysis of the botnets of Twitter.
During a lengthy paper on the topic, the team behind the research identified over 15,000 bots devoted to scamming users out of cryptocurrency.
Duo Security Provide the Tools to Fight Back Against Botnets
Researchers at Duo Security have identified a massive botnet attempting to scam Twitter users out of their cryptocurrency investments.
The premise is simple. Impersonate a high-profile member of the community on Twitter. Wait until the real person posts something. Follow it up with a spam post advertising some kind of crypto giveaway. All of this happens automatically, with no need for human input.
Alarm bells should immediately ring since the spam accounts request a payment be made to them to receive more back in return.
If you follow what’s colloquially known as “Crypto Twitter”, the research by Duo Security will hardly be a revelation to you.
It has become common practise for high-profile members of the cryptocurrency community to include phrases after their usernames such as “Not Giving Away ETH” to try to minimise the harm caused by such botnets. The profile of Ethereum co-founder Vitalik Buterin is one such example:
This is a *great* guide to what imaginary/complex numbers are:https://t.co/FyXOHdjnIA
— Vitalik Non-giver of Ether (@VitalikButerin) August 10, 2018
Even journalists connected to the space have been targeted.
SunshineCrypto reported earlier this year on the example of Olga Kharif and Lily Katz who cover cryptocurrency topics for Bloomberg. The pair had their profiles spoofed by what are most likely bots trying to elicit payments from unsuspecting followers.
What might be surprising, however, is just how infested Crypto Twitter is with these bots and how sophisticated they are getting.
According to the three-month research project, the cryptocurrency spamming botnet is over 15,000-strong. The fake accounts are also thought to be deploying tactics such as liking posts by other robots to give them a greater air of legitimacy and making slight changes to user’s display images to evade automatic detection by image recognition software.
The culmination of the research is a lengthy paper devoted to the problem of botnets infesting Twitter. A link to this PDF document can be found at cyber security page Naked Security.
The team’s findings were presented at the Black Hat security conference on Wednesday. The talk was titled “Don’t @ Me: Hunting Twitter Bots at Scale.” The team have also followed their work up with an article addressing the issue.
In the article, Duo’s researchers state that they are providing all the tools and techniques developed during the research period for public use. It’s all been made open-source to help further the fight against such malicious programming. Duo also made a plea for anyone handy at coding to develop their research with the aim of creating more sophisticated techniques to identify the bots.
As recently as June, Twitter themselves has pledged to try and crackdown on the spam bots that are so rampant on the network. The research performed by Duo will likely help their fight against the problem.
Featured image from Shutterstock.