Twitter eyes scam-busting signatures

Twitter is examining a real-time protection system that in research crushed 90 percent of scammer accounts as they were created.

The system was developed by security researchers who spent 10 months studying the underground Twitter scam market.

It applied signatures built on elements like account names, the timing of the account creation and browser identifiers to identify fake accounts.

Researchers Vern Paxson and Chris Grier from the International Computer Science Institute and UC Berkeley university said the new system was used by Twitter after their research to take down 95 percent of several million fake accounts that were created by a mere 27 shady merchants.

"While we do not observe an appreciable increase in pricing or delay in merchants delivering new accounts, we find 90 percent of all purchased accounts immediately after our action are suspended on arrival," the researchers said in a paper. (pdf)

"We are now actively working with Twitter to integrate our defense into their real-time detection framework to help prevent abusive signups."

The researchers completed their study into the shady scam market in April this year examining accounts used for spamming, malware distribution and CAPTCHA-breaking.

The accounts were also used to sell fake followers -- a service which was recently revealed to have been purchased by unknown persons to inject some 70,000 followers into the Twitter account of Opposition Leader Tony Abbott.

These services netted the 27 scammers behind the accounts up to half a million dollars.

At its brief peak, the fake accounts amounted to a whopping 60 percent of the total new Twitter accounts created. On average, the accounts amounted to about 20 percent of new Twitter account created during the  10 month research period from July last year.

The researchers obtained permission from Twitter to conduct the research but were denied by Google, Yahoo and Facebook to conduct an investigation into scam accounts over their respective networks.

They spent $5000 to purchase 120,000 fake Twitter accounts in packages of 1000 accounts costing between $10 to $200. 

The scammers had a "thorough" understanding of Twitter’s anti-scam account protections, the researchers said, allowing them to create a well-oiled and stable underground market.

"Our findings show that merchants thoroughly understand Twitter’s existing defenses against automated registration, and as a result can generate thousands of accounts with little disruption in availability or instability in pricing."

The scammers leaned on CAPTCHA-breaking and email account validation services to help build the Twitter accounts -- many of which had been stockpiled for months with some tipping a year old.

"In order to fulfill orders for fraudulent Twitter accounts, we find that merchants rely on CAPTCHA solving services; fraudulent email credentials from Hotmail, Yahoo, and mail.ru; and tens of thousands of hosts located around the globe to provide a diverse pool of IP addresses beyond just social networks."

Additional but untested fraudulent services offered phone-verified Facebook accounts for as low as $0.45c, while email accounts from Google went for a base of $0.03c and Hotmail and Yahoo! accounts for a minimum of $0.005 each.

Spam was a common method of monetising the fraudulent accounts, but fraudsters also launched attacks "for the express purposes of censoring political speech".

Copyright © SC Magazine, Australia