Why scientists bought 120,000 Twitter accounts

To understand how spammers operate, a team of researchers spent over $5,000 buying fraudulent accounts. What they learned could help block spammers from even creating accounts.
Written by Janet Fang, Contributor

To learn how spammers so easily evade Twitter’s controls, researchers spent $5,000 buying fraudulent accounts. The project -- part research, part sting operation -- may yield a new way of beating social-network spam. Technology Review reports.

Today most anti-spam efforts at Twitter and other social-networking companies focus on blocking accounts only after they begin to send out spam. Spammers typically use software bots to fill out the forms on account registration pages; then they use the accounts to send unsolicited advertisements en masse.

With permission and help from Twitter, a team of researchers collected 121,027 accounts in 10 months.

“There’s a vibrant market for the sale of fraudulent Twitter accounts,” says UC Berkeley’s Chris Grier. Some came from online storefronts similar to Amazon; others were bought in person-to-person transactions brokered on forums where spammers do business.

Buying accounts allowed researchers to examine data logged by Twitter about how they were created, revealing details of how controls are evaded. Some things they learned:

  • Sales of these accounts generated between $127,000 and $459,000.
  • Prices were typically around $40 per thousand accounts -- suggesting that the market for bulk accounts is well established.
  • Many were registered months earlier. "Pre-aging" is a selling point, probably because brand-new accounts are blocked more quickly when used to send spam.
  • Accounts were created over connections routed through many different locations, so that no single location showed a suspicious spike in registrations. (Over 160 different countries were recorded.)
  • Most fraudulent accounts were created with Hotmail or Yahoo emails.
  • Having to crack Captchas -- those garbled word puzzles -- doesn't affect spammers that much. It didn’t seem to impact cost.

The team trained software to flag accounts created in suspicious ways that involved certain timing, account names, and browser or computer characteristics. Scanning all accounts registered in the past year, the system turned up several million registered that way. It could also help figure out which evasive techniques are most costly for spammers.
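As an illustration of registration-time flagging (an added sketch, not the researchers' or Twitter's classifier), the Python below groups signups by username template and browser string and flags groups created at machine-regular intervals, a signal that survives the spread of registrations across many countries. The sample records, field layout, function names and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import pstdev

# Constructed values throughout: user agents, usernames, countries, timestamps.
BOT_UA = "Mozilla/5.0 (Windows NT 5.1) ExampleBrowser/1.0"
HUMAN_UA = "Mozilla/5.0 (Macintosh) ExampleBrowser/2.0"
SIGNUPS = [  # (username, user_agent, country, ISO timestamp)
    ("Mary_Lopez8841", BOT_UA, "BR", "2013-01-05T10:00:00"),
    ("alice92", HUMAN_UA, "US", "2013-01-05T09:13:00"),
    ("Kevin_Ortiz1907", BOT_UA, "VN", "2013-01-05T10:02:00"),
    ("bob7", HUMAN_UA, "US", "2013-01-05T11:47:00"),
    ("Dana_Reyes5520", BOT_UA, "DE", "2013-01-05T10:04:01"),
    ("carol2013", HUMAN_UA, "GB", "2013-01-05T15:02:00"),
    ("Paul_Nunez3316", BOT_UA, "US", "2013-01-05T10:06:00"),
    ("john.smith", HUMAN_UA, "CA", "2013-01-05T10:03:00"),
]

def name_shape(name):
    """Collapse a username to a template: letter runs -> 'a', digit runs -> '9'."""
    return re.sub(r"\d+", "9", re.sub(r"[A-Za-z]+", "a", name))

def flag_clusters(signups, min_size=3, max_gap_stdev=5.0):
    """Return groups sharing a name template and user agent whose creation
    times are evenly spaced (std. dev. of the gaps in seconds is small).
    min_size must be >= 3 so that at least two gaps are compared."""
    groups = defaultdict(list)
    for name, ua, country, ts in signups:
        groups[(name_shape(name), ua)].append(
            (datetime.fromisoformat(ts), name, country))
    flagged = {}
    for key, rows in groups.items():
        if len(rows) < min_size:
            continue
        rows.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(rows, rows[1:])]
        if pstdev(gaps) <= max_gap_stdev:
            flagged[key] = {
                "accounts": [r[1] for r in rows],
                # Country count is reported, not used as a filter: geographic
                # spread does not make a cluster look any less automated.
                "countries": len({r[2] for r in rows}),
            }
    return flagged

if __name__ == "__main__":
    for (shape, ua), info in flag_clusters(SIGNUPS).items():
        print(shape, ua, info)
```

The three constructed human signups share a template and browser string as well, but their irregular timing keeps them out of the flagged set.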

Twitter wants to build these findings into its signup process. Additionally, the same people offering Twitter accounts for sale also trade in Google, Facebook, and LinkedIn accounts.

The work was presented at the Usenix Security Symposium in Washington, D.C., last week.

[Technology Review]

Image: Garrett Heath via Flickr

This post was originally published on Smartplanet.com
