3 Million Strong Botnet Grows Right Under Twitter's Nose (softpedia.com) 48
An anonymous reader writes: Somebody created a botnet of three million Twitter accounts in one single day, and Twitter staff didn't even flinch -- even if the huge 35.4 registrations/second should have caught the eye of any IT staffer. Another weird particularity is that the botnet was also synchronized to use Twitter usernames similar to Twitter IDs. Couple this with a gap of 168 million IDs before and after the botnet's creation, it appears that someone specifically reserved those IDs. The IDs were reserved in October 2013, but the botnet was registered in April 2014 (except 2 accounts registered in March 2014). It's like Twitter's registration process skipped 168 million IDs, and someone came back a few months later and used them. [Softpedia reports:] "The botnet can be found at @sfa_200xxxxxxx, where xxxxxxx is a number that increments from 0 000 000 to 2 999 999. All accounts have a similar structure. They have "name" instead of the Twitter profile handle, display the same registration date, and feature the text "some kinda description" in the profile bio field. Additionally, there are also two smaller botnets available as well. One can be found between @cas_2050000000 and @cas_2050099999. Sadbottrue says it was registered between March 3 and March 5, 2015. The second is between @wt_2050100000 and @wt_2050199999, and was registered between October 23 and November 22, 2014." Both have 100,000 accounts each. Theoretically, these types of botnets can be used for malware C and C servers, Twitter spam, or to sell fake Twitter followers. At 3 million bots, the botnet accounts for 1% of Twitter's monthly active users.
So... (Score:5, Funny)
Re: (Score:2)
Re: (Score:1)
From TFA:
Besides being a possible source of fake Twitter followers, these three botnets may be very well a source of Twitter spam, but also just a test from Twitter's devs.
According to the latest statistics, Twitter was bragging about having over 310 MAUs (Monthly Active Users). If the botnet's bots are logging on and interacting with the service once per month, and they are part of this statistic, then the @SAF botnet would represent nearly 1 percent of Twitter's entire userbase.
A company that generates z
Re: (Score:2)
Does this mean that twitter is finally figuring out how to make a profit?
Or that Twitter has become self-aware?
Re: Do we really need to learn Twitter's technical (Score:4, Funny)
I thought the summary was well presented that even you could understand it.
Re: (Score:3)
Sounds a LOT like you want more than a summary. Where details aren't always explained. Hence the reason it's called a summary...
Maybe try the article?
Re: (Score:3)
The summary is supposed to help me decide if I want to read the article* and comments. I know people complain about dumbing down, but it is possible to write a summary that is both intelligible by people not familiar with the jargon while still presenting some relevant technical detail.
In this case I think the use of the word "botnet" is highly misleading and adds to the confusion.
* ha ha, yeah ok
Re: (Score:2)
The whole thing appears to have been written by someone with very specific inside knowledge of a lot of technical details about Twitter.
It more reads like someone making a whole heap of guesses and reaching unsupported conclusions, based on what they think they know about technical details about Twitter. The English language mangling and failure to write clearly comes as special added bonus that only Slashdot can supply.
All the summary you need;
"Something odd happened on Twitter. It was probably something they did themselves and it's not clear why anyone but Twitter should care."
Re:Do we really need to learn Twitter's technical (Score:4)
Re:Do we really need to learn Twitter's technical (Score:4, Informative)
Please do not re-use the term botnet for this. That term was obviously used to overstate the importance of this story. This is the current definition of a botnet.
a network of private computers infected with malicious software and controlled as a group without the owners' knowledge, e.g., to send spam messages.
This isn't a botnet. This is botspam. And for all we know in 2014, Twitter wasn't even checking that new accounts were created through different ip addresses, for the simple reason that companies like Twitter often tout the number of accounts created on their platform as their own measure of success.
Re: (Score:2)
This isn't a botnet. This is botspam.
I thought the same thing when I started reading the summary.
I guess they don't know the difference.
Re: (Score:1)
Each Twitter account has a username, which can be changed anytime by the user, and a numeric ID which cannot be changed. The numeric ID is what's used to tie various database tables together, because it's immutable, so relationships between the account/tweets/friends/followers remain intact even if the username is changed. Much like Facebook, there's a way to access Twitter accounts using their numeric ID instead of their username by plugging the numeric ID into a URL. By iterating over the numeric IDs, fet
Re: (Score:3)
Quantity good, Grog rich! (Score:2)
Staffers were probably thinking, "Oh good, a big juicy user-signup bonus check!", not unlike the no-doc loan grab that crashed the world economy.
Re: (Score:2)
Just one thing... (Score:1)
Who cares!?
Only Twits Need Worry (Score:1)
Trumpbots (Score:1)
Re: Trumpbots (Score:1)
You forgot to mention Killary is an old fat bag! Have you seen those tops she wears lately? They're like huge garbage bags.
"1% of twitter" (Score:2)
Whatever.
Re: (Score:2)
Oh you sill man.
There's porn on Twitter.
Proabably test accounts (Score:5, Interesting)
If Twitter doesn't nuke these accounts pretty quickly, we can be pretty sure they are test accounts. I mean 3 million botnets could easily destroy twitter.
I think very telling is this part: "It's like Twitter's registration process skipped 168 million IDs, and someone came back a few months later and used them." Yes. Twitter reserved them and used them. They are the only ones who can line up user names with ids like that.
Re: (Score:2)
If the IDs weren't used by normal accounts and then later were used, Twitter surely has to have some involvement.
What percent of twitter accounts are actually !bot (Score:2)
Twitter claims something like 5% of all accounts are fake/bots
Analysts mostly think that about 15% of all accounts are fake/bots
When was the last time you ever heard anyone say out loud "oh yeah I tweeted that"?
I think closer to 35% of all accounts are simply (mostly) harmless retweet accounts, 5% malicious accounts, 40% inactive accounts (in the last 30 days) and 20% actually login every couple of days, let alone daily or more than once a day.
How Twitter manages to convince advertis
Re: (Score:1)
Query large accounts and you find out, that 60% - 70% of their followers are either inactive or bot's.
This is one of the reason why twitter has no native tools to find and remove bots and inactive accounts. They need to look good for advertisers.
Possible Explanation: Tweetpoclypse Gap (Score:1)