Cryptome — a site dedicated to publishing vast troves of data from FBI files to leaked emails — has published a claim that Twitter has been infected by a vast botnet that could involve millions of accounts, all of which appear to be mindlessly retweeting nonsense.
We asked Twitter for comment, but did not immediately hear back.
However, Twitter has already begun disabling some of the accounts cited as bots on Cryptome, such as this one belonging to “Marissa Tanyat.”
The Cryptome claim was made by Paul Dietrich, a self-described “really nerdy” unemployed programmer from Eugene, Ore. He told Business Insider he was searching for tweets from NSA leaker Edward Snowden and discovered the results were polluted with hundreds of nonsense tweets.
“So when I noticed tweets like ‘@[someusername] I wonder if Edward Snowden is a dignitary,’ over and over again, it raised my eyebrows. The one that really got me, though, was this one: ‘I dont know much about Haarp but Edward Snowden is the one thats revealing it to the world and to the newspapers so will become the,’ bad grammar and all,” he tells us.
He found nearly 35,000 accounts that appeared to be retweeting plausible but flawed garbage, but says he only scratched the surface. The botnet’s true size could be in the millions, he says:
After a bit of study, I was able to trace the creation of the botnet back to March first, and I decided to get some idea of the scale of the botnet, I pulled 33 such spam tweets into a spreadsheet, and counted unique handles. The number I got was in excess of of 34,000, from only that small sample. There are literally thousands of spam tweets from this botnet. The botnet could easily involve hundreds of thousands, or millions of unique handles.
Twitter has long been plagued by fake accounts. The company previously said 5% of its user base is fake. There is also considerable speculation about the number of inactive accounts on Twitter: Some estimates have four out of five new Twitter signups not actually using the service, numbering perhaps 697 million accounts. They are not necessarily bots, however.
Nor is it clear why hackers would want to control a network of bogus accounts that simply retweets nonsense spam. One theory: social media click farms can “sell” exposure on their networks to unscrupulous or stupid marketers who want to increase the apparent size of the social media reach. In order to make the botnets appear real — and avoid detection from Twitter — the accounts must look as if they are active and being used by real people. So they need to tweet and retweet stuff, a lot. Hence the spam.