MASSIVE botnet army discovered on Twitter… just… sitting there.

Technology Review reports on a veritable horde of fake accounts – a network of 350,000 users – that have been ready to parrot messages en masse since 2013… from some interesting parts of the world… if they ever woke up again:

The truth is that nobody knows how many Twitter bots are out there or how big the botnets have become.

Today that changes thanks to the work of Juan Echeverria and Shi Zhou at University College London. These cybersecurity experts have stumbled across a Twitter botnet consisting of more than 350,000 automated accounts, a network of almost unimaginable proportions, that has existed undetected since 2013. They call this network the “Star Wars botnet” and say that its longevity raises serious questions about the potential impact of botnets and the way they are tracked and monitored.

Echeverria and Zhou discovered this botnet almost by accident. Interested in finding automated accounts, the researchers began by downloading details of six million English-speaking Twitter accounts that they randomly selected. That’s about 1 percent of the total number of Twitter accounts.

For the most part, the geographical distribution of tweets matches the global population distribution. In other words, tweets are more common in densely populated areas like cities. But the researchers also noticed a significant number of tweets—some 23,000 of them—that were geo-located in uninhabited regions close to Europe and the U.S., such as in deserts and in oceans.

When plotted on a map, these locations were bounded by sharp edges and corners that formed two rectangles, one around the U.S. and the other around Europe. “We conjectured that the [map] shows two overlapping distributions,” say Echeverria and Zhou. They thought that one set of tweets must be from real users and so coincided with the population distribution.

But the other must have been created by Twitter bots randomly choosing locations in the two rectangles.

A simple assessment of the 3,000 accounts that created these tweets showed they had much in common. These accounts had never published more than 11 tweets, they never had more than 10 followers and less than 31 friends. They were all produced by Twitter for Windows phones.

But reading the tweets, Echeverria and Zhou realized that they all contained random quotations from Star Wars novels with hashtags inserted at random. A typical tweet is: “Luke’s answer was to put on an extra burst of speed. There were only ten meters #separating them now.”

This botnet was obviously large since 3,000 bots had appeared in a random search. And that raised an obvious question: just how big was this botnet?

To find out, the researchers trained a machine-learning algorithm to recognize Star Wars bots and set it loose on a much larger database of 14 million English-speaking Twitter users.

The results were a shock. The machine-learning algorithm, with the help of some manual filtering, found some 350,000 accounts that had the same characteristics. These accounts had never tweeted more than 11 times, had fewer than 31 friends and were all produced by Twitter for Windows Phone.

What’s more, this entire botnet was created in just a few days in June and July 2013. At the time, it produced 150,000 tweets a day.

Then it stopped.
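The two signals described in the quoted article, as an added example that is not code from the researchers or from the article: an account-profile filter using the reported thresholds, and a chi-square check that separates geotags picked at random inside a rectangle from geotags that follow population centres. The bounding box, the city centres, the account records and all function names are constructed for illustration; the page gives no coordinates.

```python
import random

# Traits the article reports for the Star Wars accounts.
MAX_TWEETS, MAX_FOLLOWERS, MAX_FRIENDS = 11, 10, 30
CLIENT = "Twitter for Windows Phone"
# Constructed bounding box (lat_min, lat_max, lon_min, lon_max); the page gives
# no coordinates for the two rectangles, so these values are an assumption.
BOX = (25.0, 50.0, -125.0, -65.0)

def matches_profile(acct):
    """True when an account record shows all four reported traits."""
    return (acct["tweets"] <= MAX_TWEETS and acct["followers"] <= MAX_FOLLOWERS
            and acct["friends"] <= MAX_FRIENDS and acct["source"] == CLIENT)

def uniformity_chi2(points, box=BOX, grid=4):
    """Chi-square of geotags against an even spread over the box: near
    grid*grid - 1 for random picks, far higher for population clusters."""
    lat0, lat1, lon0, lon1 = box
    counts = [0] * (grid * grid)
    for lat, lon in points:
        if lat0 <= lat < lat1 and lon0 <= lon < lon1:
            row = int((lat - lat0) / (lat1 - lat0) * grid)
            col = int((lon - lon0) / (lon1 - lon0) * grid)
            counts[row * grid + col] += 1
    total = sum(counts)
    if total == 0:
        raise ValueError("no points fall inside the box")
    expected = total / len(counts)
    return sum((n - expected) ** 2 / expected for n in counts)

def constructed_geotags(kind, n=2000, seed=1):
    """Synthetic geotags: 'random' fills the box, 'clustered' hugs three centres."""
    rng = random.Random(seed)
    if kind == "random":
        return [(rng.uniform(BOX[0], BOX[1]), rng.uniform(BOX[2], BOX[3]))
                for _ in range(n)]
    centres = [(40.7, -74.0), (34.0, -118.2), (41.9, -87.6)]  # constructed
    return [(rng.gauss(lat, 1.0), rng.gauss(lon, 1.0))
            for lat, lon in (rng.choice(centres) for _ in range(n))]

if __name__ == "__main__":
    # Constructed account records, not real data.
    accounts = [
        {"name": "a1", "tweets": 9, "followers": 3, "friends": 12, "source": CLIENT},
        {"name": "a2", "tweets": 840, "followers": 210, "friends": 190, "source": "Twitter Web Client"},
    ]
    print([a["name"] for a in accounts if matches_profile(a)])
    for kind in ("random", "clustered"):
        print(kind, round(uniformity_chi2(constructed_geotags(kind)), 1))
```

The profile filter alone also matches ordinary dormant accounts, which is consistent with the article's note that the classifier's output still needed manual filtering.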

Apparently, some are being rented out as fake followers; the net in general has probably been waiting for the right buyer.

The kicker of the original article is the last graf, though. This is no longer the biggest botnet the researchers have found.

[via Mr. Carl Zimmer]