Dracula Network Pushes Out Pro-China Twitter Spam

Written by

Eagle-eyed social network analysts have spotted a new Chinese influence operation on Twitter dubbed the “Dracula botnet.”

The network of inauthentic automated accounts was found to be pushing out pro-China political spam, according to Graphika’s Ben Nimmo. The botnet was so-named because the profile bios of all of its accounts are scraped from the famous Bram Stoker novel. Their profile pictures themselves are mainly of stock female models.

Created in summer 2020, the 3000 accounts in this network accrued few followers before being largely suspended or marked as restricted, according to Nimmo.

“Not all the suspect accounts in the network had bios at all, but all those which did used incomplete quotes from Dracula. Adding to the impression that the network had been automated to bleed Stoker’s novel, every account featured, as its first tweets, two texts copied from Dracula that consisted of incomplete sentences, with the spaces between the words replaced by the + sign,” he continued.

“This approach appears to use spammy text posts as camouflage, to give the account a more ‘human’ signature when checked by Twitter’s automated defenses; hence the term ‘spamouflage.’”

This is the name Graphika has given to a much larger Chinese-backed political spam network active across multiple platforms including Facebook, YouTube and TikTok.

It has in the past posted pro-China messages about the Hong Kong protests, exiled billionaire Guo Wengui, COVID-19 and, most recently, US politics and US-China relations.

Nimmo argued that the network underlying this latest “Dracula” discovery was probably a botnet-for-hire.

“In effect, deceptive behavior on social platforms is a continuum. Accounts that post Bitcoin spam today can be repurposed to post geopolitical propaganda tomorrow, if the purchaser desires,” he concluded.

“That gives influence operations an easy route to buy at least the appearance of popularity, but it also gives researchers a further way to identify potential operations.”

What’s hot on Infosecurity Magazine?