The botnet cometh

This morning, I woke up to several hundred notifications on Twitter. It was so many all at once that Twitter automatically gave me some new filtering tools to manage the barrage of notifications. (Why isn’t that just default for all Twitter users when they sign up?!)

But these weren’t your regular spam.

This summer, Bill Fitzgerald and I wrote a post for Data for Democracy, outlining the trends we’ve seen among Twitter bots and sockpuppet accounts we’ve seen participating in disinformation campaigns (like #MacronGate, #MacronLeaks, and election cycles in the US and the UK). At the time, it got a fair number of hits, but nothing nefarious that we could spot.

But a couple weeks ago, the Digital Forensics Research Lab published a similar post (with a similar name), based on their own research. Their post awoke the attention of multiple, large networks of Twitter bots. These bots impersonated, defamed, and overwhelmed DFRLab’s main Twitter account, as well as those of several of their reporters, similar to what happened to ProPublica last month.

This is starting to happen to me.

Now, to be clear, no one is yet impersonating me. (If they do, my only real Twitter account is @krisshaffer, and my websites are at pushpullfork.com.) No one is claiming that I have died. And none of the accounts are harassing me in any significantly troubling way.

What is happening, however, is what DFRLab described as “the social media version of a Distributed Denial of Service (DDoS) cyber-attack.” DFRLab describes it like this:

This is the social media version of a Distributed Denial of Service (DDoS) cyber-attack. In a classic DDoS attack, hackers use hijacked computers to flood a website with thousands or millions of queries, overloading them, and shutting them down. On this occasion, the attack was carried out by apparently hijacked accounts, and appeared designed to intimidate and disrupt the Atlantic Council’s work and social media promotion.

And it works. I’ve been making tracks away from Twitter for some time. So when I saw my notifications this morning, my first thought was, “Welp, I guess it’s time to finally quit.”

But that means they win. More importantly, it really opens up the doors for potential impersonation accounts in the future. So I’m staying put for the time being, even if mainly just to keep an eye on things.

But I am being proactive about using some of my Twitter-scraping tools to regularly download tweets that contain references to my name or Twitter handle. Bots, and especially sockpuppets, are not above deleting evidence of their campaigns, retooling the accounts, changing profile pictures and bios, etc. Downloading tweets every hour into a database on my computer means I can retain any data they delete or change, should it become necessary in the future.

There’s another important way in which this particular campaign seems to be working better than some others I’ve seen. The bots seem to be pre-loaded with longer narratives of content that they post into a thread, as well as collections of memes to include in the discussion. And either the bots are “arguing” with each other, or some of them are actually sockpuppets, or there is some more sophisticated AI behind them, allowing them (minimal) argumentative engagement with real users. I haven’t studied them closely enough yet to know what’s behind them, but I’ve noticed several “real” users getting confused, not realizing when they’re replying to a real human, a sockpuppet, or a bot.

And that’s the real insidious thing here. We expected bot-based social media operations to increase in complexity as time progresses. (And my research colleagues and I expect there to be a lot of experimentation about what works in advance of various upcoming elections, especially in the US and Europe.) And that’s what we’re seeing here. My colleagues and I have written before about the PsyOps (psychological warfare operations) nature of these bot campaigns, which end up constituting massive, coordinated, digital gaslighting campaigns. That’s where the bots are improving. The bots are getting better at causing people to question reality, to lose their sense of what is true and what is false.

I’ll keep you posted about what I find out. In the mean time, keep your wits about you.

Header image by Andreas Chu.