Uncovering the secret life of Twitter bots

How do you know if you're reading tweets from a real person or a bot? As bot technology becomes more sophisticated it's increasingly hard to tell.

Researchers at Duo Security have collected and analyzed data from 88 million public Twitter accounts using machine learning to spot the tactics used by malicious bots to appear legitimate and avoid detection.

The analysis included the application of 20 unique account characteristics in a machine learning model to differentiate a human Twitter account, classified as 'genuine' in the study, from a bot. These characteristics include, among other things, the time between tweets, distinct tweet sources and the average number of hours per day an account is active.

The research uncovered details of a sophisticated cryptocurrency scam botnet, consisting of at least 15,000 bots. This included how it siphons money from unsuspecting users by spoofing cryptocurrency exchanges, celebrities, news organizations, verified accounts and more. Accounts in the cryptocurrency scam botnet were programmed to deploy deceptive behavior in an attempt to appear genuine and evade automatic detection.

"Users are likely to trust a tweet more or less depending on how many times it's been retweeted or liked. Those behind this particular botnet know this, and have designed it to exploit this very tendency," says Duo data scientist Olabode Anise. "The bots' attempts to thwart detection demonstrate the importance of analyzing an account holistically, including the metadata around the content. For example, bot accounts will typically tweet in short bursts, causing the average time between tweets to be very low. Documenting these patterns of behavior can also be used to identify other malicious and spam botnets."

You can find out more about the research on the Duo blog and details will be presented at Black Hat USA on Wednesday, August 8th.

Image credit: Wit Olszewski / Shutterstock