
Twitter Bots: These are the Droids You’re Looking For

At DataVisor, we've uncovered many massive sleeper cells, and recent MIT research is consistent with our findings, especially regarding incubation duration.

By Christopher Watkins January 23, 2017


About Christopher Watkins
Christopher Watkins is Senior Creative Writer at DataVisor. He brings 10+ years of writing, editing, and strategy experience to his role. He was previously Senior Writer and Chief Words Officer at Udacity. He holds an MFA in Creative Writing from the University of Southern Maine.

Wondering if your company has any crime rings hiding among your users? Most do, but many don’t realize how big a problem they have. Or, they think they have everything under control. Twitter recently discovered how costly overconfidence can be.

Research published in MIT Technology Review demonstrated how big this problem can be, describing sleeper cells uncovered on Twitter. Juan Echeverria and Shi Zhou, from University College London, uncovered a Twitter botnet, asleep and undetected since 2013, that was made up of approximately 350k accounts.

They discovered the massive botnet while investigating automated accounts. An odd but correlated geographic distribution, along with matching events and behaviors such as how many tweets the accounts published, the phones they used, and their follower counts, were major red flags that something was going on. The researchers trained a machine-learning algorithm to recognize the Star Wars quotes being used by all the fake accounts and uncovered the massive 350k-account pool.

Is this an isolated case? No, it’s actually just a small drop in a very large bot bucket.

At DataVisor, we’ve uncovered many massive sleeper cells in the wild, and this MIT research is consistent with what we’ve found, especially when it comes to how long these sleeper cells incubate before they strike.

We analyzed more than 500 billion events and 300 million user accounts from global online services over the past two years to uncover sleeper cells. We found that they are not only prevalent, but also very patient. In fact, 24%-47% of the malicious accounts we uncovered incubated for more than 30 days after registration. That’s one whole month of looking and acting like a normal user, and avoiding all scrutiny accordingly.

We also found that 11% incubate for more than 100 days and one-third of all malicious accounts have yet to attack—even after our one-year observation period. These are huge groups of user accounts that you won’t know are malicious, even after one full year on your service, because they haven’t done anything wrong yet. They look like normal users and act like normal users, but the truth is, they are being primed to strike.

One crucial difference in our research is how we detected the sleeper cells in the first place—our method is very different than that of the MIT researchers. At DataVisor, we use unsupervised machine learning and don’t require rules—or, in this case, Star Wars quotes—to find correlated behavior and patterns. We are able to do that automatically by analyzing global user events and data in real time.
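As an added illustration (not DataVisor's or the researchers' code), the sketch below finds correlated accounts without any content rule: it links accounts that agree on most of the attributes named earlier (device, tweet count, follower count, registration time, location) and reports large connected groups. The sample accounts, bucket sizes, and thresholds are constructed assumptions.

```python
from itertools import combinations

# Constructed sample data, not real accounts:
# (id, device, tweets, followers, registration day, geo cell)
ACCOUNTS = [
    ("bot1", "phone-A", 11, 3, 100, "cell-7"),
    ("bot2", "phone-A", 10, 8, 101, "cell-7"),
    ("bot3", "phone-A", 12, 5, 103, "cell-7"),
    ("bot4", "phone-A", 14, 9, 104, "cell-9"),   # differs only in geo cell
    ("bot5", "phone-A", 13, 2, 106, "cell-7"),   # registered a week later
    ("u1", "phone-B", 950, 210, 12, "cell-1"),
    ("u2", "phone-A", 40, 35, 100, "cell-3"),
    ("u3", "web", 3, 1, 300, "cell-7"),
    ("u4", "phone-B", 1200, 18, 55, "cell-2"),
    ("u5", "phone-A", 12, 640, 101, "cell-4"),   # shares 3 features, not 4
]

def features(acct):
    """Coarse buckets so near-identical behaviour compares equal."""
    _id, device, tweets, followers, reg_day, geo = acct
    return (device, tweets // 5, followers // 10, reg_day // 7, geo)

def find_clusters(accounts, min_shared=4, min_size=4):
    """Link accounts agreeing on >= min_shared of the 5 bucketed features,
    then return connected components with at least min_size members."""
    feats = {a[0]: features(a) for a in accounts}
    parent = {acct_id: acct_id for acct_id in feats}

    def find(x):  # union-find root lookup with path halving
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for a, b in combinations(feats, 2):
        shared = sum(x == y for x, y in zip(feats[a], feats[b]))
        if shared >= min_shared:
            parent[find(a)] = find(b)

    groups = {}
    for acct_id in feats:
        groups.setdefault(find(acct_id), []).append(acct_id)
    return sorted(sorted(g) for g in groups.values() if len(g) >= min_size)

if __name__ == "__main__":
    for cluster in find_clusters(ACCOUNTS):
        print(len(cluster), "correlated accounts:", cluster)
```

Requiring an exact match on all five features (`min_shared=5`) misses this group, because two of its members each vary in one attribute; the pairwise comparison is quadratic and would need blocking or hashing at production scale.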

But while our methods are different, our research results are similar and important to note. All online services need to be aware of the sleeper cell issue and take proactive steps to address it before their bots “wake up.” The damages they can inflict—both financially, and in user trust—can be massive if you don’t detect them in time.

