
Twitter Bots: These are the Droids You’re Looking For

At DataVisor, we've uncovered many massive sleeper cells, and recent MIT research is consistent with our findings, especially regarding incubation duration.

By Christopher Watkins January 23, 2017

Christopher Watkins is Senior Creative Writer at DataVisor. He brings 10+ years of writing, editing, and strategy experience to his role. He was previously Senior Writer and Chief Words Officer at Udacity. He holds an MFA in Creative Writing from the University of Southern Maine.

Wondering if your company has any crime rings hiding among your users? Most do, but many don’t realize how big a problem they have. Or, they think they have everything under control. Twitter recently discovered how costly overconfidence can be.

Research published in MIT Technology Review demonstrated how big this problem can be when researchers uncovered sleeper cells on Twitter. Juan Echeverria and Shi Zhou, from University College London, uncovered a Twitter botnet, asleep and undetected since 2013, that was made up of approximately 350k accounts.

They discovered the massive botnet while investigating automated accounts. An odd but correlated geographic distribution, along with matching events and behaviors such as how many tweets the accounts published, the phones they used, and their follower counts, were major red flags that something was going on. The researchers trained a machine-learning algorithm to recognize the Star Wars quotes being used by all the fake accounts and uncovered the massive 350k-account pool.
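The red flags described above (shared device, near-identical tweet and follower counts, long inactivity) can be checked with a simple grouping pass. The following is an added example, not the researchers' or DataVisor's method; the field names, bucket sizes, thresholds and sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict

def fingerprint(acct, window_days=7, tweet_bucket=5, follower_bucket=10):
    """Coarse behavioural key: accounts that share it look alike on the
    attributes listed above (device, tweet count, follower count) plus a
    registration window. Bucket sizes are assumptions."""
    return (acct["client"],
            acct["created_day"] // window_days,
            acct["tweets"] // tweet_bucket,
            acct["followers"] // follower_bucket)

def find_dormant_clusters(accounts, now_day, dormant_days=365, min_size=5):
    """Group dormant accounts by fingerprint and return the id lists of
    groups too large to be explained comfortably by coincidence."""
    groups = defaultdict(list)
    for acct in accounts:
        if now_day - acct["last_active_day"] >= dormant_days:
            groups[fingerprint(acct)].append(acct["id"])
    return sorted(sorted(ids) for ids in groups.values() if len(ids) >= min_size)

def sample_accounts():
    """Constructed records, not real data."""
    rows = [{"id": f"bot{i}", "client": "client-A", "created_day": 100 + i % 3,
             "tweets": 11, "followers": 3 + i % 2, "last_active_day": 130}
            for i in range(6)]
    organic = [("alice", "client-B", 40, 5200, 310, 1400),
               ("bob", "client-C", 101, 87, 45, 1395),
               ("dave", "client-A", 102, 2300, 800, 200),  # dormant, unlike the group
               ("erin", "client-A", 101, 12, 5, 1399)]     # matches the group, still active
    keys = ("id", "client", "created_day", "tweets", "followers", "last_active_day")
    rows += [dict(zip(keys, r)) for r in organic]
    return rows

if __name__ == "__main__":
    for cluster in find_dormant_clusters(sample_accounts(), now_day=1400):
        print(len(cluster), "correlated dormant accounts:", cluster)
```

Fixed buckets split accounts that straddle a bucket edge, so in practice the output is a starting point for review, not a verdict.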

Is this an isolated case? No, it’s actually just a small drop in a very large bot bucket.

At DataVisor, we’ve uncovered many massive sleeper cells in the wild, and this MIT research is consistent with what we’ve found, especially when it comes to how long these sleeper cells incubate before they strike.

We analyzed more than 500 billion events and 300 million user accounts from global online services over the past two years to uncover sleeper cells. We found that they are not only prevalent, but also very patient. In fact, 24%-47% of the malicious accounts we uncovered incubated for more than 30 days after registration. That’s one whole month of looking and acting like a normal user, and avoiding all scrutiny accordingly.

We also found that 11% incubate for more than 100 days and one-third of all malicious accounts have yet to attack—even after our one-year observation period. These are huge groups of user accounts that you won’t know are malicious, even after one full year on your service, because they haven’t done anything wrong yet. They look like normal users and act like normal users, but the truth is, they are being primed to strike.

One crucial difference in our research is how we detected the sleeper cells in the first place—our method is very different from that of the MIT researchers. At DataVisor, we use unsupervised machine learning and don’t require rules—or, in this case, Star Wars quotes—to find correlated behavior and patterns. We are able to do that automatically by analyzing global user events and data in real time.

But while our methods are different, our research results are similar and important to note. All online services need to be aware of the sleeper cell issue and take proactive steps to address it before their bots “wake up.” The damages they can inflict—both financially, and in user trust—can be massive if you don’t detect them in time.
