About three weeks ago, I noticed a peculiar surge in my followers. I didn’t think much about it at first, but where the activity initially started with a handful of fakes joining a day, the pace quickly picked up and soon tens were spiking my followers list per day. There was no occasion to warrant increase, I didn’t suddenly become famous, and fact that handles were Arabic when I mostly tweet in English, were all reasons I suspected something was amiss. A quick review of accounts of my supposed new fans revealed they were fakes and automated bots.
I jokingly tweeted about it at the time, but also realizing fake followers can hurt your account’s credibility, engagement rate, and in extreme cases lead to suspension of account on premise of violating Twitter’s rules (i.e. where you would be suspected of buying followers), I quickly started blocking the fakes.
However, rather than use an API (3rd party application) to bulk block, I chose to manually audit followers list and individually review/block. It’s a cumbersome tasking, but a safer bet than relying on an API’s algorithm where I already knew rules they applied to identify and filter through fake accounts. Basically, accounts with no tweets, no profile/header images, alias/name and handle were randomly generated gibberish, and with a huge gap in following/followers proportion, were likely fakes.
So far blocked about 3,000 suspected fake accounts. I say “so far” because such accounts are still coming in waves. I’m referring to as “suspected” because it turned out that an extremely small percentage (1-2%) of accounts I blocked were legit and soon DMd from other accounts to unblock. This minority group, I learned, were people who though had all signs for profiling a fake, did so because were passive users and on Twitter to solely get updates/news from folks they followed, but almost never tweet nor care to personalize their profiles.
I also soon learned that I was not the only experiencing the surge in fake followers, and that more than a few other Yemen Twitterati were targeted and around same period of time I did. This got me thinking that this was not a random glitch in matrix, and could probably be some form of coordinated attack that at first glance seems to be targeting Yemen Twitterati, but possibly others too. While many had several theories and understood some of the risks of rapidly gaining fake followers, no one really knew what was happening or exact goals of attack (if at all an attack).
Accordingly, while naturally took all necessary measure from upping security to continuing to block, decided to research a bit and dig deeper in trying to figure out nature of such surges, risks and ramifications associated, and scenarios planned if indeed a coordinated attack. While the research was neither exhaustive nor conclusive, it was both enlightening and exposed me to a parallel universe on Twitter that I never knew existed.
Millions of Fake Accounts
Thousands of fake accounts are created a day. No, not referring to random individuals creating fakes accounts in seeking anonymity, to harass, or play pranks. Daily increase of such newly created accounts, pale in comparison to ones created by dedicated parties employing IT sweatshops and automated programs to use en masse and for multiple sinister schemes. Given sheer scale and seeming coordination of activity in question, I, like many others, suspected administration or at least indirect involvement of state level entities or parties. Much to my surprise, diving into the dark side of the web, found endless independent individual and group led enterprises carrying out such activities. Where essentially a black market, enterprises competed for anonymous and paid cyber attack requests (that could have been anonymously put forth by legitimate/official parties), contracts for classified information, hacking servers or individual accounts, etc.
However, the nature of business and transaction trend is not always passive. Proactive enterprises would often pursue such ventures without an existing contract/request and for many reasons ranging from financial incentives (i.e. stealing information/data & selling to highest bidder), to blackmailing/extorting an entity or an individual targeted, to proving worth and superiority of skills among peers. At times, just out of mere boredom & in process of honing own skills, or in an act of vigilante justice and sending a message/making a statement. But all of this seems to be a bit too complex, for sensitive and high value data and information, and where Twitter is, well, just Twitter. Is it even worth the trouble?
Just as in any other market, regardless of nature or size, there’s always a layer of bottom feeders, upstarts, and rookies who given limited skills/resources, would settle for little and operate within niches at the fringe. For Twitter, black market merchants are mostly small-time but numerous, not really considered hackers nor respected, and there’s little money to be made. Where the products and services offered are generally divided into two tiers of “General” and “Special” contracts, aforementioned group of merchants deal in former, while latter picked up by heavyweight hackers.
Products on sale range from passive accounts to simply increase followers size, to active accounts for shaping/influencing opinions, and shell accounts to spam, hijack conversations, or other activities where an en masse attack is used to cripple a targeted account, hash tag, or a campaign.
This also includes “ReadyGo” accounts, where you can procure an account already prepped with thousands of followers, and where pricing varies by followers size. I’ve been on Twitter for years but only know noticed that some accounts had “20K”, “30K”, so on and so forth, and featured in the name of the account; that’s basically the current followers size of that account. A rather bizarre way to needlessly show off followers size when such information prominently featured on any given public profile, which all of these were. But soon discovered that although such accounts seemed legitimate and active, albeit largely re-tweeting and posting material that is at best considered spam, the reality was they were shell accounts animated enough to justify follower size and avoid Twitter’s suspension radar, and the “xxK” in name is for marketing where akin to the price tag you see on windshields of long lines of cars parked in a dealership.
Now here’s kicker, trade in such accounts is openly conducted on Twitter. Moreover, there are countless groups, on Twitter, specializing in ramping up follower size of such accounts and prepping them for sale, while others in pricing, marketing, and conducting sale transactions. Generally referred to as “Promotion Groups”, these groups of Twitter users run auctions, compete against each other, direct members of own group and freelance agents to tasks like beefing up accounts with followers, re-tweeting, spamming, etc. They also announce competitions within their community of promo groups where winners receive thousands of Twitter followers, put up sales ads with full information and contact information including phone numbers, and celebrate accounts reached high numbers of followers. And all of this is done publicly and openly on Twitter and using dedicated hash tags!
The second tier products include hacking accounts, publicly embarrassing original owner by immediately declaring account hijacked, and tweeting opposing views/political statements. Did you ever notice that even though hackers tweet out a lot of stuff using hijacked Twitter account, they very rarely release or discuss trove of info that surely must’ve been available in inbox and Direct Messages of account compromised? That’s because whatever valuable information found there, is either delivered to contract owner, if an ordered hit, or sold on black market if otherwise.
They also include stealth eavesdropping, where a high value account is hacked but owner/followers not made aware. Apparently this is done for quite a few reasons including that of silently monitoring and collecting information of account and private conversations it has, to sell to interested parties, or if more lucrative and when opportunity presents itself, announce presence to owner and access to sensitive information to blackmail and extort.
I’m sure I have only scratched the surface and may have even gotten a few things wrong. I’m no expert and research above was done by basically following back trail of followers swarmed my account, digging through conversations of their rather vibrant community online, which amusingly were public. It also included sifting through blogs and forums on subject, thanks to Google, where websites and links research led to were a dark part of the Internet I never want to ever visit again.
Nevertheless, where research was prompted by suspicions of a possible coordinated action targeting Yemen Twitterati, now almosr certain that it indeed was. Though less sure of culprit’s identify or specific group carrying it out, the action can and should by all definitions be considered an attack because fake followers do damage your account’s credibility and could compromise it.
A few colleagues offered theory that it may have been a philanthropist bought followers for the various accounts tweeting on Yemen. That, is both overly simplistic and stupendously naive. A gradual increase in real followers is one thing, SPIKE in fake followers is another. Former is natural, increases reach and engagement rate, and tweets get read by REAL people, which is the whole point and goal for tweeting. The latter decreases all of the aforementioned, reduces credibility where anyone can quickly audit followers of an account, AND puts an account at risk of suspension because procuring fake followers is a serious violation of Twitter’s rules. And Twitter DOES monitor for unusual spike in an account’s follower numbers.
Admittedly, many accounts with fake were not suspended, yet. Perhaps for reasons such as proportion of real vs. fake on any given account still being within reasonable limits, difficulty to figure if spike a spam campaign or procurement of followers, and if latter, by account holder or another party attempting to sabotage, or whatever other reasons. But accounts DO get suspended, for far less reasons, and Twitter clearly states that fake accounts are considered a major reason to suspend. We’ve all heard stories or know someone where his/her account suddenly got suspended, and where reasons for suspension weren’t always clear, it was a bureaucratic nightmare attempting to figure out and reinstate. You do NOT want to be in that position.
Moreover, where and when now the credibility and reach of Yemen Twitterati exceedingly and respectively on a knife’s edge and limited (especially the past two years since the start of the war), whoever that imaginary philanthropist supposedly only now decided to buy tens or hundreds of thousands of fake followers for a yet unkown number of Yemen Twitterati, surely he/she must’ve known action will do more harm than good.
Though as far as I know, no accounts were suspended by time of writing this, many of Yemen’s Twitterati reacted by blocking the fakes, and some even self locked their accounts and protected tweets; fearing it could be compromised and/or for feeling harassed by the nothing but damaging waves of fake followers. I myself temporarily locked my own account to up its security and get brief respite from now daily chore of blocking fake accounts that are both endless and relentless.
Whatever the real intents of the culprit(s) are, all the end scenarios of the possibly General Tier contract put out on Yemen’s Twitterati, are simply bad. Fakes overwhelm and marginalize the Twitterati by either reducing credibility, keeping them busy fending off fakes, forcing them to lock accounts, and in worst case scenario, may ultimately lead to suspension if their accounts.