Twitter underground economy still going strong
by Jason Ding - Barracuda Labs - Tuesday, 2 July 2013.

Clearly, the differences between the duplicated fake accounts and their corresponding real accounts are quite big. Most of these statistics look very reasonable (dozens of tweets, followers and followings), except for the last one. Real users may tweet at any time and most likely show no obvious trend; hence, their timestamps at minute level are most likely unique, as our result shows: 96% are unique. Additionally, the tweet source is diverse: 24% from iPhone, 24% from Web, etc. However, we found that these fake accounts generally tweet several times in a brief period of a day, then disappear for a few days, and then come back again. Sometimes these tweets are created so fast (e.g., 5 different tweets with 60+ characters in 1 minute) that they cannot have been typed by a normal user, only by machines. This characteristic led us to expect that the percentage of unique tweet timestamps would be lower: by our computation it is only 35%, and 98% of these tweets come from Web.

From here, we can easily deduce how Dealers (or hackers) control thousands of fake accounts:
  • Each account is first pushed into a processing queue
  • A worker thread then pops the front account off the queue, logs in to Twitter, creates several tweets and logs out
  • The account is then pushed onto the back of the queue again, waiting for its next round.
Clearly, this process can be implemented easily by a software program and run automatically on computers. Still, repeating the process of logging in, tweeting, and logging out, for thousands of accounts, will take a significant amount of time; hence, it generally will take a few days for an account to tweet again. (Of course, Dealers can spend more money and time to remove this tweeting characteristic, for example, using more machines to speed up the turnaround or tweet once in each login.)
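The timing signals described above can be turned into a per-account detection check. The following is an added example, not code from Barracuda Labs: the function names, the thresholds, the sample data and the reading of "unique timestamps" as distinct minute-level timestamps divided by total tweets are all assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime

def timing_profile(tweets):
    """Profile one account from (ISO timestamp, source) pairs."""
    if not tweets:
        raise ValueError("need at least one tweet")
    minutes = [datetime.fromisoformat(ts).replace(second=0, microsecond=0)
               for ts, _ in tweets]
    per_minute = Counter(minutes)
    days = sorted({m.date() for m in minutes})
    gaps = [(b - a).days for a, b in zip(days, days[1:])]
    return {
        # Assumed definition: distinct minute-level timestamps / total tweets.
        "unique_minute_ratio": len(per_minute) / len(minutes),
        "web_ratio": sum(src == "web" for _, src in tweets) / len(tweets),
        "max_per_minute": max(per_minute.values()),
        # Longest silence between active days (the queue turnaround time).
        "max_gap_days": max(gaps, default=0),
    }

def automation_signals(p, max_unique=0.5, burst=5, web_only=0.9):
    """Return the heuristics that fire; thresholds are illustrative."""
    signals = []
    if p["unique_minute_ratio"] <= max_unique:
        signals.append("repeated_minute_timestamps")
    if p["max_per_minute"] >= burst:
        signals.append("burst_within_one_minute")
    if p["web_ratio"] >= web_only:
        signals.append("single_source_web")
    return signals

# Constructed sample: two batches of 10 tweets, three days apart, all from Web.
BATCHED = [(f"2013-06-0{d}T10:{m:02d}:{s:02d}", "web")
           for d in (1, 4) for m in (0, 1) for s in (5, 15, 25, 35, 45)]
# Constructed sample: scattered times and mixed clients.
ORGANIC = [("2013-06-01T08:12:40", "iphone"), ("2013-06-01T19:47:03", "web"),
           ("2013-06-02T12:05:11", "iphone"), ("2013-06-03T22:30:59", "web"),
           ("2013-06-05T07:01:20", "android")]

if __name__ == "__main__":
    for name, sample in (("batched", BATCHED), ("organic", ORGANIC)):
        prof = timing_profile(sample)
        print(name, prof, automation_signals(prof))
```

As the article notes, a Dealer can erase these signals by adding machines or tweeting once per login, so they are best treated as one input among several rather than a verdict.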

Overall, we can clearly observe a new trend in the Twitter follower trading business: Dealers are getting smarter at making these fake accounts look more authentic.

