Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Researcher Finds Hidden Twitter ‘Star Wars’ Bot

A London-based researcher has uncovered a huge network of fake Twitter accounts that may have been used to send spam, propagate malware and manipulate public opinion.

UCL student, Juan Echeverria, found the 350,000-strong ‘botnet’ when analyzing a random 1% sample of English-speaking Twitter users for a project.

On closer inspection he discovered patterns which linked the massive network of automated accounts to a single user or group.

He named it the “Star Wars botnet” because many of the accounts tweeted random quotes from the famous movie franchise.

Most worryingly, the botnet in question had lain hidden since 2013, because its accounts were deliberately designed to bypass common filters used to detect automation on the site.

These included the addition of profile pics and “regular” user profiles; eschewing URLs in tweets; only following a small number of users; tweeting not too frequently or infrequently; and tweeting those random Star Wars quotes, which appear to Twitter’s bot filters like real human language.

Echeverria argued it would be irresponsible to assume the bot was created with malicious intent, but added that the prospect could not be ruled out.

“It is highly possible that the master still has the ability to reactivate all of the 350k Star Wars bots at any time of their choice,” he wrote.

“When that happens, the bots can pose all the threats discussed in Section 1.2, including spam, fake trending topics, opinion manipulation, astroturfing attack, fake followers and sample contamination. The fact that the Star Wars botnet has so many bots makes its potential threats serious, perhaps more serious than we have ever seen before.”

The revelations come in the same week Imperva Incapsula research revealed that one in three visitors to websites is likely to be an attack bot.

“While these are different types of bots that exist only inside the Twitter ecosystem, this is all a part of the same trend – just another example of how automation influences our online experience,” argued the firm’s senior security evangelist, Igal Zeifman.

“On Twitter, as on other websites, massive amounts of activity is generated by bots trying to impersonate human users. And in both cases, these bots are up to no good.”

What’s Hot on Infosecurity Magazine?