Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Amplification Bots Retweet Misinformation

Amplification bots spread both information and misinformation across Twitter's social network through retweets, and according to new research from Duo Security, these bots not only affect how content spreads but also how the information is perceived.

Published today, Anatomy of Twitter Bots: Amplification Bots, Jordan Wright and Olabode Anise detail the characteristics that make up amplification bots based on a data set of 576 million tweets. The researchers also looked at how to build a crawler that can map out entire botnets of this kind.

The research is the culmination of a three-part series that began at Black Hat 2018 with "Don’t @ Me: Hunting Twitter Bots at Scale" and was followed by a more detailed explanation of how fake followers operate.

The focus in this final part of the series is on automated retweeting. Because retweeting is what boosts an account's popularity, amplification bots are concerning from an information security perspective. “Automated retweeting of a tweet [is considered] to be more damaging to social network conversation, since it actively spreads content as opposed to just artificially boosting the content’s popularity,” the authors wrote.

Determining which accounts are bots and which are authentic took a bit of work, though. In essence, researchers had to distinguish different patterns of likes and retweets from a wide sampling of accounts.

“We found that an average account’s timeline is composed 37.6 percent of retweets while the 90th percentile was composed of 75 percent of retweets. Because our dataset of tweets does include accounts that exhibit bot-like characteristics, it’s important to note that the the overall distribution of retweets in an account’s timeline may be affected by their behavior.”

Research suggested a key factor that distinguishes bots from actual user accounts is found in the timeline, with actual users tending to retweet in consecutive order while the activity of bots is more scattered. After determining normal behaviors, researchers set out to find bots as seen in the image below:

Credit: Duo Security
Credit: Duo Security

“The account’s most recent (re)tweet has 969 retweets and 164 likes, which is strange. Most tweets with that many retweets won’t have a retweet-to-like ratio of almost 6:1. To put some numbers to how rare this is, only 0.2 percent of tweets in our dataset had more than at least 900 retweets and a similar retweet-to-like-ratio,” researchers wrote.

Finding one bot then opened the door for the discover of many more amplification bots, which have the potential to sully the credibility of retweets, though determining legitimate information from misinformation is a challenge.

What’s Hot on Infosecurity Magazine?