Twitter has a spam bot problem — and it's getting worse

A Romanian spammer is in part behind a sudden surge in fake Twitter followers in recent weeks. But it's not something Twitter seems to want to deal with.
Written by Zack Whittaker, Contributor

Last Monday was a great day for us in the office. @ZDNet hit the 400,000 follower mark on Twitter; a joyous moment marked by me in a brief note to our senior editor who, among many things, runs the feed.

"A lot are fake," I told her. "Bots?" she said. Yep.

It was a stream of several hundreds of accounts with garbled usernames and a sea of empty profile pictures (which only until recently used to be the infamous, anonymous "egg.").

Something wasn't right -- why would they follow us? We dug into it a bit further, and it wasn't just us -- these fake followers were also pushing up the follower counts of our friends at The Verge, Ars Technica, and Wired. Even our sister-site CNET was flooded with these new faceless, empty profiles.

Nobody in our newsroom could answer why.

It's almost an occupational hazard of using the microblogging site. Everyone who uses Twitter -- yourselves included -- have a number of followers that are fake. They may not always seem like it, but they're there to post spam like links to busty blondes and even propaganda.

And while it's been steadily getting worse -- Twitter doesn't seem to want to do anything about it.

Without a peep from the company (a spokesperson did not respond to our request for comment last week) we set out to find out more on our own. We kept a close eye on a few dozen of these bots over the past week, all of which were created with the same pattern of username (a random name and a few numbers) and were created within the space of an hour or so. In the end, the scheme looked like little more than a cheap shot to promote half-baked dating sites that ask for money to sign up, even though the hapless few who do probably have almost zero chance of getting lucky.

After further investigation, we learned that a Romanian spammer, Laurentiu Ciocoiu (perhaps a pseudonym), is in part behind the recent uptick in these spam bots.

Ciocoiu started earlier this year with his most recent campaign, setting up a complicated network of thousands of fake Twitter accounts that would almost always follow the same pattern: Each account would follow a few dozen legitimate accounts -- such as high-profile, verified news publications and celebrities that are presented when the user first opens a Twitter account -- and then fake accounts would follow the other fake accounts.

Then, the fake accounts would post a single tweet -- a link to a page that promises to show nude photos.

The page would direct the hapless clicker to a random third-party website (also owned by Ciocoiu, who did not respond to a request for comment over the weekend) which pays him to generate clicks and sign-ups to those sites, which more often scream of illegitimacy and fakery.

At least one of the campaigns on Ciocoiu's books includes several websites owned by Nautell Capital and Tralox Overseas, two companies based in Cyprus that may be one and the same -- they were founded on the same day and share the same accountant. Both firms own hundreds of domains each, hosting pop-up dating sites designed to appeal to almost every possible kink imaginable.

Many have accused these sites of being fake, or scamming to generate paid memberships. Nautell was recently accused and sued for alleged racketeering by creating a complex web of different sites along with both domestic and foreign entities as "means of fraudulently concealing" the true nature of the business, but the case against Nautell eventually collapsed.

It's been a week, and these accounts are still active -- even after we made Twitter aware of the bots.

Twitter has its work cut out. Ciocoiu is just one of thousands of spammers and abusers of the system.

But that hasn't stopped Twitter from facing extensive and sustained criticism for not doing enough about its fake followers. Figures released this year suggest as many as 15 percent of all accounts are fake.

Many of the bot accounts are innocuous. Some bots monitor events or topics and provide a useful service to their following. And some are both ridiculous and fantastic -- like the @everyword bot that systematically lists every word in the English language, a seemingly pointless task that took it seven years to complete, but gained a cult following of over 71,000 followers.

But some bots can be malicious -- even attempting to sway hearts and minds. During the 2016 US presidential election, bots and fake accounts were pushing trash talk about both of the two leading candidates -- granted, the majority of which were gunning for Trump to win. (Look away now if you don't want to know the result.)

The big question is "why?". It's not always about selling bot services for money -- sometimes it's about power, influence, and propaganda.

I called Margarita Noriega, an internet strategist and founder of @InternetReview, who explained that bots are more common in business than some people might realize.

"It's a common part of life," she said on the phone last week. Companies rely on having the backing of a social following before they seek investments and development to drum up business, she said, and they generally all end up serving the same purpose -- something like 90 percent of it is to create fake engagement, and the remaining 10 percent provides cover.

"It's common for a variety of companies -- not just media and brands -- for when they need to drum up engagement," she said. "Even your local bodega could have 10,000 fake followers," she joked.

Bots and fake followers all live for a different purpose but usually seem to follow the same path to Twitter enlightenment -- that can be spam links, or even a hashtag to promote your politically-aligned politician.

Call us cynical, but it's not unreasonable to assume Twitter -- of which its entire worth and value is based on its reported number of users -- wouldn't want to tackle the spam bot problem, for fear that it dramatically cuts a large swathe of its perceived user base.

Twitter isn't the only offender, but it's one of the few still humming loudly with its fingers in its ears.

Just last week, Facebook purged millions of accounts in what was described as an "extensive fake account scam," which USA Today said cost it almost six million 'likes' on its Facebook pages. Like its microblogging neighbor, Facebook also relies on its active user numbers to measure its worth. It came under fire in recent months for pushing incorrect and inflated figures to publishers on the number of users who were watching videos.

Twitter was said to be working on a spam bot defense system a few years ago, an idea that was shut down for reasons unknown.

Several experts have said that idea of scanning the network every second for fraudulent tweets and fake accounts is feasible or would not be that difficult. But without a hard and fast rule on if a bot is a good bot or a bad bot -- there's zero wiggle room for shutting down legitimate accounts, said Darius Kazemi, an internet artist and a bot expert.

"To make the bots seem more human and evade detection, they'll follow big name brands and big name celebrities," he said. "Imagine an account that tweets nothing but 'I love you' at various celebrities. It could equally be a bot -- or it could be a teenager."

Not that we wouldn't want thousands of teenagers demonically screaming "I love you" at us every day for the work we do, but the harsh reality is that Twitter has become a misleading stream of consciousness and unreality. Follower counts are becoming ever-more distorted, and because retweet and favorite counts get inflated, notifications become meaningless. And without any motivation to fix it for Twitter or an easy way to get behind the problem, it's something that can only get worse over time.

If only there was a bot to tell us a word for that.

Editorial standards