How a prolific spammer built a 750,000-strong Twitter army to promote his scam
It can be extremely difficult to work out who's actually behind them - but it's not impossible. Satnam Narang, a researcher for security company Symantec has investigated a network of incredibly prolific spam accounts, discovering that almost 750,000 of them were all being operated by a single person.
The accounts in question were promoting "green coffee been extract" - a get-rich quick diet pill (which, obviously, doesn't work). The American market for diet pills is $2 billion a year, so it's easy to see why the spam operator was interested - they "would earn a commission for each successful referral," Narang explains.
The operation utilised three distinct types of spam account:
- Eggs - These were new accounts, with the default "egg" profile picture. Their purpose is primarily to bolster follow numbers of other spam accounts, and made up the majority of the accounts investigated.
- Parrots - Impersonations of "normal" people. They will automatically copy profile pictures and tweets from genuine users to make their accounts look active and engage with the third type of account...
- Mockingbirds - The Mockingbirds are the accounts that disseminate the links to the spam content. They will impersonate celebrities and reputable news outlets like CNN, ABC, TMZ and MTV, and send out links to the bogus diet pills. The parrots will then respond to these tweets positively - making it look like the account is trustworthy.
Here's a screengrab of parrots replying to a Mockingbird's tweet:
Symantec
And here's a diagram from Symantec demonstrating how it works:
Symantec
The Mockingbirds and Parrots will inevitably be flagged up by Twitter's systems and deleted sooner or later. But the operation responds to this by simply "promoting" an egg to a higher rung, and changing how it behaves. And because the egg accounts do very little, they're very rarely found and banned by Twitter. Narang found 700,000 eggs, along with some 40,000 parrots, and less than 100 mockingbirds. Factoring in now-suspended accounts, he predicts that "the spam operator has controlled at least one million Twitter accounts over time."
While the operation has now been reported to Twitter, it's been going on for a long time: The majority of accounts were created around a year ago, but some date back as early as the start of 2012.
So who's behind it? The researcher was able to track down the entire investigation down to a single person, based on "clues" left when registering websites and because the culprit occasionally engaged with his personal account using spam accounts. He hasn't been named (we've reached out to Symantec for more details) - but it shows just how a one dedicated man can construct a vast spam empire.
- I quit McKinsey after 1.5 years. I was making over $200k but my mental health was shattered.
- Some Tesla factory workers realized they were laid off when security scanned their badges and sent them back on shuttles, sources say
- I tutor the children of some of Dubai's richest people. One of them paid me $3,000 to do his homework.
- 5 things to keep in mind before taking a personal loan
- Markets face heavy fluctuations; settle lower taking downtrend to 4th day
- Move over Bollywood, audio shows are starting to enter the coveted ‘100 Crores Club’
- 10 Powerful foods for lowering bad cholesterol
- Eat Well, live well: 10 Potassium-rich foods to maintain healthy blood pressure