Botnets adapt in wake of Twitter crackdown

Pro-Saudi botnet tried new tactics to avoid detection

Illustration by Alex Castro / The Verge

Twitter botnets are having to adapt their behavior in the wake of the platform’s crackdown. NBC News reports that on Thursday the platform suspended hundreds of accounts acting in a network to tweet messages of support for Saudi Arabia in the wake of the disappearance of journalist Jamal Khashoggi. Experts quoted in the report said that the bots operated in a way that allowed them to “fly under the radar” to avoid Twitter’s bans.

Turkish investigators have claimed that Khashoggi was killed by Saudi agents associated with the Saudi prince Mohammad Bin Salman during a visit to the Saudi consulate in Istanbul. The Saudi government vehemently denies these allegations, and it’s this version of events that the botnet was amplifying. Twitter has now suspended the bots brought to light by NBC News, as well as other pro-Saudi government accounts, although it hasn’t officially said who’s behind them.  

Bots dated back to 2012 and earlier

These more sophisticated botnet tactics have become necessary after Twitter started cracking down on the practice in February. The company changed the rules of its platform to ban “identical or substantially similar” tweets posted from multiple accounts, or “bulk, aggressive, or very high-volume automated retweeting.” As a result, this pro-Saudi botnet had to be more selective, staggering activity to avoid spamming messages in a way that made its automation look obvious.

The botnet, discovered by Josh Russell, also exploited some well-known methods to spread its messages, namely latching onto popular hashtags and helping to push them to the top of Twitter’s trending topics. The report identifies two trending Arabic hashtags, which roughly translate to “#We_all_trust_Mohammad_Bin_Salman” and “#unfollow_enemies_of_the_nation,” that the bots used to spread their pro-Saudi messages more widely.

The botnet’s accounts don’t appear to have been created this year. Many were produced in a short period in November 2017, but others date back to 2012 and even 2011. An IT professional quoted by NBC said it was “shocking” that the bots had been on the platform for that long.