As posted on How Star Wars helped uncover a Death Star-sized army of bots
Little is known about Twitter botnets, massive groups of automated accounts that are controlled by a master and can pose a threat to social media users through spam and other malignant techniques.
Twitter has been quite active in trying to identify and remove malign botnets. But, in some case, such as the low-profile or dormant ones, detection can be almost impossible.
That was the case for the giganormous botnet uncovered by cyber security experts Juan Echevarria and Shi Zhou at University College London.
Almost by chance, they stumbled across a botnet of more than 350,000 automated accounts, that went undetected since 2013.
Even more more strange is the fact that all those bots tweeted random quotations from at least 11 Star Wars novels.
“We manually checked the text of the tweets and discovered they contained references to Millennium Falcon, Jedi, Luke Skywalker, Obi-wan Kenobi, Boba Fett etc,” Echevarria told Mashable.
A strange map
The researches started their investigation by randomly selecting the details of 6 million English-speaking Twitter accounts — about 1% of the total.
Then, they downloaded the most recent 3,200 tweets along with geo-tags. That allowed them to build a picture of the locations of the tweets. They noticed something strange:
Although the tweet distribution largely coincides with population distribution — densely inhabited areas like cities — there was also a significant number of tweets (23,000) in scarcely populated areas like seas, deserts and frozen lands.
These tweets fill two rectangle areas around North America and Europe (see the image above).
The Force is strong with these bots
After a simple check the researcher found that the accounts all had something in common:
They never published more than 11 tweets.
They were created in just two months in 2013.
They never had more than 10 followers and less than 31 friends.
They never retweeted or mentioned any other Twitter user.
The accounts were all created on a Windows phone.
But most interesting of all, those bots only tweeted random quotations from the Star Wars novels. Here’s an example:
Luke’s answer was to put on an extra burst of speed. There were only ten meters #separating them now. If he could cover t
Each tweet contains only one quotation, often with incomplete sentences or broken words at the beginning or at the end. Here’s a breakdown of the novels included:
Faced with 3,244 bots with similar characteristics, the researchers had no doubt they were dealing with a monstrous botnet.
How big was the botnet?
Echeverria and Zhou had to train a machine learning algorithm, dubbed “Naive Bayes”, to analyse a new, staggering sample of 14 million users. The results were shocking.
“We ran our classifier on this new sample, and found 356,957 Star Wars bots,”Echeverria said. “The algorithm’s accuracy in identifying these bots is over 99%.”
The algorithm works by evaluating the possibility that any user is a Star Wars bot by analysing the word counts:
As opposed to a human one:
The “Star Wars bots”, as they were called, were all created in a few days in June and July 2013, producing 150,000 tweets a day.
“They tweet at most 11 times and then they stop forever,” Echevarria said. “We were only able to detect them when seeing the strange shapes they made on the map.”
Sleeping, not dead
Keeping a low-profile allowed the botnet to escape detection. They remained dormant or inactive, and were not deleted. So in theory they could be awakened at any time, at the master’s signal.
“Some people believe this is just a ‘test run’ or the work of an amateur. However, there is always the possibility that these bots were created to be awoken at a later time, the truth is we do not know,” Echevarria said.
Tweeting random quotations from novels helped the tweets appear as if they were human. The bots also had profile pictures — not the usual egg.
Why were these fake Twitter accounts created?
Echevarria and Zhou believe they were made as “followers for sale”. Since the accounts have been silent for more than 3 years, it is very unlikely that Twitter will label them as fake. Therefore, they have a high value on the black market.
Researchers say about 15,000 of the bots have followers from human users, which makes the sales theory more plausible.
Echevarria and Zhou are now working on another YUGE botnet. But details are still scarce. “We have found another one that is over 500,000 bots which will be reported in a subsequent paper.”
The Force is definitely with them.