08
Dec 11

Twitter Bots Drown Out Anti-Kremlin Tweets

facebooktwittergoogle_plusredditpinterestlinkedinmail

Thousands of Twitter accounts apparently created in advance to blast automated messages are being used to drown out Tweets sent by bloggers and activists this week who are protesting the disputed parliamentary elections in Russia, security experts said.

Image: Twitterbot.info

Amid widespread reports of ballot stuffing and voting irregularities in the election, thousands of Russians have turned out in the streets to protest. Russian police arrested hundreds of protesters who had gathered in Moscow’s Triumfalnaya Square, including notable anti-corruption blogger Alexei Navalny. In response, protesters began tweeting their disgust in a Twitter hashtag #триумфальная (Triumfalnaya), which quickly became one of the most-tweeted hashtags on Twitter.

But according to several experts, it wasn’t long before messages sent to that hashtag were drowned out by pro-Kremlin tweets that appear to have been sent by countless Twitter bots. Maxim Goncharov, a senior threat researcher at Trend Micro, observed that “if you currently check this hash tag on twitter you’ll see a flood of 5-7 identical tweets from accounts that have been inactive for months and that only had 10-20 tweets before this day. To this point those hacked accounts have already posted 10-20 more tweets in just one hour.”

“Whether the attack was supported officially or not is not relevant, but we can now see how social media has become the battlefield of a new war for freedom of speech,” Goncharov wrote.

I’ve been working with a few security researchers inside of Russia who asked not to be named for fear of retribution by patriotic Russian hackers or the government. Since Trend’s posting, they’ve identified thousands of additional accounts (e.g., @ALanskoy, @APoluyan, @AUstickiy, @AbbotRama, @AbrahamCaldwell…a much longer list is available here) that are rapidly posting anti-protester or pro-Kremlin sentiments to more than a dozen hashtags and keywords that protesters are using to share news, including #Navalny.

A review of the 2,000 Twitter accounts linked above indicates that most of them were created at the beginning of July 2011, and have very few tweets other than those meant to counter the protesters, or to simply fill the hashtag feeds with meaningless garbage. Some of the bot messages include completely unrelated hashtags or keywords, seemingly to pollute the news stream for the protester hashtags.

In addition, almost all of the bot accounts are mostly following each other, with a handful of exceptions:  It appears that most of the auto-created accounts that are flooding the protester hashtags are following the Twitter account @master_boot, which looks like it belongs to an actual user. In fact, one of Master_boot’s 17,000+ followers recently tweeted to inquire about Twitter bots. The person behind the @master_boot account did not immediately respond to requests.

Interestingly, the Kremlin leadership appears to be using their Twitter accounts to bash those calling the recent elections a fraud. Reuters is reporting that Russian President Dmitry Medvedev caused shock and jeers on Wednesday after an obscene insult directed at political opponents appeared on his official Twitter feed. According to cached copies of the feed and a notification of the post received by a Reuters reporter, Medvedev’s tweet read:

“It has become clear that if a person writes the expression ‘party of swindlers and thieves’ in their blog then they are a stupid sheep getting f****d in the mouth :).”

Tags: , , , , , , ,

36 comments

  1. hope that russian bastards find justice
    russian countries are a really horrible place to be

  2. Perhaps it is time for a Russian “were are the 99%!!!”

  3. That’s is “We are”, I don’t know how those letters dropped off!?

  4. “Crime is the necessary condition for the very existence of the State.” – Mikhail Bakunin

  5. “…for fear of retribution by patriotic Russian hackers or the government.”

    Why do you call them “patriotic”? They are more like “pro-kremlinmafia”

    • One man’s terrorist is another man’s freedom fighter.

      OR

      One man’s patriot is another man’s terrorist.

  6. It will be interesting to see how all of this plays out. It’s a somewhat unusual post in that the big picture issues are political and in a big way.

  7. My Twitter account is basically a news feed and so far I’ve not seen any tweets that mention this subject. Also . . . well I’m beginning that an Internet Twitter disruption might be in the offing. Any thoughts?

  8. Everyone knows election results is fake. But none can do anything.

  9. works for china … see #5mao

  10. Navalny was arrested near Sretensky Boulevard on December 5th, not at Triumfalnaya Square. People gathered at Triumfalnaya Square on December 6th after Navalny was already arrested.

    Triumfalnaya Square is the place where people gather on the 31st of every month with 31 days in support of the right to peaceful assembly in Russia guaranteed by Article 31 of the Russian Constitution. There is a permanent construction site on the square now which makes it almost impossible to gather.

  11. Alexei Navalny is not anti-corruption blogger. He is puppet in hands of us dept of state.
    Now they are trying to make сolour revolution in Russia.
    If this will happen thousands of russian programmers lost their jobs. And we will see what code (good or evil) they write afterwards.

    • Hrm. So, Abram, it sounds like you’re saying that if those protesting the elections get their way, the programmers and people being paid by the Russian government to suppress free speech on the Internet are going to be out of a job?

    • Just how many people were paid off to give a thumbs up to this post ?

      • So there would be no misunderstanding : my reply is directed at Abram’s post.

        Also, congratulations Brian. Looks like even the post-Communist leadership in Russia is concerned about the truth in your blog.

  12. The Russian government is well-prepared for a battle in social networks. It isn’t like this is the first time, they’ve been drowning out critical voices on LiveJournal.com (very popular platform in Russia) for quite a while already. Nobody bothers hiding their traces there – it is being organized by the ruling party “United Russia”, with heavy involvement of its youth organization. In fact, LiveJournal.com has trouble filtering out this fraud because it is probably not coming from bots but very real humans receiving minimal pay for this work. Given that the Internet is the only media not under (direct or indirect) government control in Russia it would be foolish to expect that they would simply allow critical voices there.

  13. For anyone that doesn’t know this type of attack (if it can be called that) can be done cheaper than you may think – peanuts in fact.

    Although I imagine it’s likely that customised tools were used for this, if you yourself wanted to do this:

    $150 will get you a license for the TweetAttacks Pro application which automates posting pretty much how you want – it automates adding real looking content using services such as SocialOomph (or any other website actually). It uses a web browser to do all its work making it undetectable by Twitter. It includes an account creator which can offload captcha solving to third parties ($1.50 per 1000 if you chose the Death By Captcha Service for example).

    In addition to mount an attack using 1000’s of accounts private proxies are required – Brian has already done articles on criminal activity surrounding the provision of such services however there are longstanding (whitehat I’m assuming) companies which will lease you http proxies for $1 per proxy per month – the price goes down as you order more of course. So let’s say you use 100 Twitter accounts per proxy – another $100 if you chose to attack using 5000 Twitter accounts. (you probably only need them for a month if all you wish to do is do this attack but I went two months so you can dribble out tweets like happened in the real thing to make the accounts look real).

    And lastly you need a moderately powerful server – nothing too extreme by any means. Say you wanted high levels of service – you could rent a OVH Kimsufi KS16G dedicated server for ~75USD (theyre priced in Euros so depends on exchange rates).

    This server is probably massive overkill and could be had for a lot less. Add $15 or so (?) for a Windows license however many people just run Windows inside a VM to avoid this added cost.

    Spend some time setting up your software (this will take a fair amount of time from my experience using Twitter to market solutions to people – but it can easily be outsourced through Teamviewer or other methods for peanuts) and there you go: your own Twitter blasting machine for ~$300 USD (likely less if you went for less powerful hardware) that you can overwhelm any movement you don’t happen to like.

    Social media can be a great thing but at the same time it has a tremendous capacity to be gamed.

  14. Floodbots….we’ll see more regimes (and probably commercial companies) use this tool in the future. Censorship by flooding – bad news.

    • Actually, that is exactly Aldous Huxley’s prediction in ‘Brave New World’. The truth won’t be suppressed, it will just be buried under a pile of misinformation. Gives me the chills.

      • Well, depending on the specific subject, I’ve noticed a clear shift in both comments and comment votes within THIS blog since its inception.

      • Already happened to consumers(especially in the US). We are being flooded with products and services so that we cant make an informed decision despite the transparency the internet brought. Was just a matter of time until gouvernments discovered it.

  15. #womenintech #infosec – digital mess from an end point of view. The other side of “unprotected social TECHNOLOGY” well this proves that even politicians are not all that safe – information dark age if what I have to say The …http://t.co/H9zhQOSm

  16. In the evening on December 5, Alexei Navalny hastened to meeting and climbed over the fence, but his companions hesitated. He urged them: what you stand like sheep getting f****d in the mouth? This is the meaning of the tweet, which was retweeted on Medvedev’s Twitter.

  17. why did you steal this article from the BBC website? You should at least have referenced it or something

  18. Well, Brian, maybe I chose my words unwisely again. What I mean is the basic premise is essentially right. I may have observed some of the botnets at work myself (and guess what? — I approve, I may have retweeted their messages myself).
    But what you write about “voting irregularities”, “ballot stuffing” and the political situation in general is mostly wrong — but it’s not you, it’s because your sources are wrong (or your bias, whatever). And as was pointed out to you in one comment already, that quote was not Medvedev’s twit, it was a re-twit – something Navalny, an opposition figure and a US State Department agent and operative, said and which he directed at his supporters.

  19. Having lived in the US for over a decade, I still get amazed at how badly misinformed the American and Western European public and how terribly misinforming the American and Western European media are about Russia and what’s going on there. The Russians have had a healthy scepticism of the authorities for a very long time (including the Soviet era, most of which, incidentally, did not consist of waiting in bread lines or freezing to death in labor camps). There’s incomparably more anonymity one can enjoy in Russia than here (as a security expert, Mr. Krebs should know). There is also a lot more emotion at protests there. Can the Americans or the Brits claim the same? How many decades of mind-numbing propaganda of unabashed consumerism, aggressive foreign policies, and subversive corporate practices has it taken for some to realize that not all is well with the current system? And even then, isn’t the way the Occupy Wall Street movement has been handled by the media and the police on this side of the Iron Curtain more worrisome than bots sending tweets in Russia? A lot of Russians do think that Putin and United Russia provide a better alternative than the anarchy and massive impoverishment they witnessed in the 90s, while there are many who don’t think so. (If you doubt it, take a trip – no FSB agents will hound you there.) If you don’t think it’s OK to stifle dissent (personally, I don’t think it’s OK), then stop using double standards applying your principles. Let the Russians take care of their own problems and leave Europarliament rulings and Freedom House suggestions to tackling problems at home. By the way, I can assure you that neither the Kremlin nor anybody else paid me to submit this post.

    • Thank you Vladimir for that post:

      It is good to hear other perspectives on this subject. I have friends that travel to Russia that report freedoms are actually far worse on restrictions in Ukraine, than in Russia; I’m glad you stand up for your motherland!

      We both have problems with different forms of repression and/or corruption in our countries – freedom with handle this eventually.

    • “isn’t the way the Occupy Wall Street movement has been handled by the media and the police on this side of the Iron Curtain more worrisome than bots sending tweets in Russia?”

      no. Your romanticizing of the Occupy movement aside, they have not been censored. I fully support the movements right to organize, but setting up camp in downtown parks? Have you actually seen one of their encampments? I digress, telling occupiers to move out of public parks and then arresting them when they don’t is unfortunate, but also expected and fair. It would be far more worrisome to me if a US govt entity or corporation were to drown out the movements twitter feed(s).

  20. I’ll tell you what real worrisome is. US govt entities are certainly at it here in Russia, probably using Pentagon bots sending “opposition” tweets, arranging flash-mobs, calling for (very unpopular) protests. I know because I’ve seen them at work too. In fact, I busted a couple of those internet (facebook) flash-mobs single-handedly myself

    As for the Pentagon, it is certainly involved, and not only in running pro-Central Asian dictatorship websites but also in this kind of activities as well.
    http://www.foreignpolicy.com/articles/2011/11/21/propagandastan

    • If that is true, it would be up there among the dumbest things our government in the US ever did. I find it hard to believe, but now days, the “intelligence” bureaucracy has pulled some pretty stupid pranks.

      I use the term “intelligence” pretty loosely here. I have no confidence in our services in any regard.


Read previous post:
Pro Grade (3D Printer-Made?) ATM Skimmer

In July 2011, a customer at a Chase Bank branch in West Hills, Calif. noticed something odd about the ATM...

Close