Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Musk Now Gets Chance to Defeat Twitter’s Many Fake Accounts

Twitter’s unending fight against spam accounts is now a problem for new owner Elon Musk, who pledged in April to defeat the bot scourge or “die trying!”

Twitter’s unending fight against spam accounts is now a problem for new owner Elon Musk, who pledged in April to defeat the bot scourge or “die trying!”

He later cited bots as a reason to back out of buying the social platform. Now that the billionaire has completed the deal, he’s faced with the task of delivering on his promise to clean up the fake profiles that have preoccupied him and bedeviled Twitter since long before he expressed interest in acquiring it.

The challenge carries high stakes. The bot count matters because advertisers — Twitter’s chief revenue source — want to know roughly how many real humans they are reaching when they buy ads. It’s also important in the effort to stop bad actors from amassing an army of accounts to amplify misinformation or harass political adversaries.

Solving Twitter's Bot Problems“The bigger picture in my mind is: How do we make Twitter a better place for everybody,” said bot-counting expert Emilio Ferrara, who worked over the summer to investigate the problem for Musk. He cited the “value of the platform as a societal experience, as a collective place to have civilized discourse and talk freely without interference from nefarious accounts,” or scams, spam, pornography and harassment.

To find out just how bad the bots are, Musk hired Ferrara and other data scientists to investigate. At the time, he sought to prove that Twitter was misleading the public when it said fewer than 5% of its daily active users are fake or spam accounts. If Twitter lied or withheld crucial information about the bot count, Musk could argue that he was justified in terminating the $44 billion agreement.

Ferrara, an associate professor of computer science and communications at the University of Southern California, said he had no real interest in whether Musk ultimately ended up owning the platform.

{ Read: Can Elon Musk Spur Cybersecurity Innovation at Twitter? }

Instead, he hoped that “any findings would be able to help improve the platform,” Ferrara told The Associated Press, speaking for the first time about his planned role as Musk’s expert trial witness.

The question now is what Musk will do with that information. Ferrara’s presentation — some 350 pages of analysis and supporting documents — is locked up in confidential court filings, and he said he can’t disclose his conclusions.

Advertisement. Scroll to continue reading.

Twitter’s former leaders and its lawyers said Musk wildly exaggerated the problem because he had buyer’s remorse. Precise counts are “almost impossible” because any bot estimate is based on assumptions that can lead to bias, said Filippo Menczer, a researcher who has been studying social bots for more than a decade and was consulted by Twitter earlier this year.

“Nobody knows exactly how bad the problem is,” said Menczer, director of Indiana University’s Observatory on Social Media, who said he was speaking from his role as an academic researcher, not a consultant. “I would guess it’s not as bad as Musk said and not as good as Twitter claimed.”

Many experts also doubt Musk’s ability to easily make improvements, which he’s suggested would rely on using algorithms to track and remove fake accounts and implementing new measures to “authenticate” real people.

Earlier this month, Ferrara was preparing to travel to the East Coast to testify in Delaware, where Musk was defending against Twitter’s lawsuit asking a court to force him to close the deal. But two weeks before the scheduled Oct. 17 trial, Musk changed his mind and said he would go ahead with the $44 billion acquisition. It closed Thursday.

Most legal experts didn’t think Musk had much of a case. The court’s head judge seemed likely to side with Twitter based on the specific terms and conditions of the April purchase agreement.

But that’s not to say Musk didn’t have a point about the bots, according to Ferrara and other researchers hired by Musk’s legal team.

The analysis firm CounterAction, which worked with Ferrara, said it concluded in a July 18 report submitted to the court that Twitter’s spam rate for monetizable accounts — those of value to advertisers — was at least 10% and could be as high as 14.2%, depending on how the rate is measured.

Trevor Davis, the firm’s founder and CEO, said that analysis was based on a “firehose” of internal data that Twitter gave to Musk, but the company declined to provide additional data sought by Musk’s team.

“We expect that access to the withheld data would reveal an even higher true spam rate,” Davis said in a prepared statement.

Musk has long been preoccupied with Twitter spambots promoting cryptocurrency schemes, in part because as a celebrity user with more than 110 million followers, he sees a lot of them. Some scammers have opened accounts mimicking Musk’s name and likeness to try to get people to think he’s endorsing something.

Not all bots are bad. Twitter encourages the use of automated accounts that report the weather, earthquakes or post humor or lines from literary classics. Twitter also allows for anonymity, which protects free speech and privacy — especially in authoritarian regions. But that practice can make it harder to root out malicious fake accounts.

Ferrara first caught Twitter’s attention in the aftermath of revelations that Russia used social media to meddle in the U.S. presidential election in 2016, when he led a research group that estimated that 9% to 15% of Twitter’s active English-language accounts were bots.

In a blog post soon after, Twitter complained that such outside research “is often inaccurate and methodologically flawed.” The company has repeatedly reported the under-5% number in its quarterly filings to the Securities and Exchange Commission, though it also cautions that it could be higher.

Before Musk’s takeover, Twitter said it removed 1 million spam accounts each day. To calculate how many accounts are malicious spam, Twitter reviews thousands of accounts sampled at random, using both public and private data such as IP addresses, phone numbers, geolocation and how the account behaves when it is active.

But over the past months, Musk and Twitter have tussled over the methodology. Twitter uses a metric it calls mDAU, for monetizable daily active usage.

That “is literally a metric they invented,” Ferrara said. “You cannot contrast and compare that metric with any other service.”

When Musk first started publicly raising questions about the bot numbers after agreeing to buy the company, another firm, Israel-based Cyabra, said it had the answer.

“That elusive number you are looking for … we have it. It’s 13.7%,” the firm tweeted on May 17, flagging Musk’s Twitter handle to get his attention.

Cyabra’s machine-learning technology works by scanning a large number of social media profiles to track behavioral patterns, trying to pick out which are behaving like humans. Such guesswork can misfire — but the tweet caught the attention of people close to Musk, if not the billionaire himself.

Cyabra CEO Dan Brahmy said the company started working with the Musk camp by the end of May. Regardless of what the true count is, he said it’s not going to be an easy problem to solve.

“Some bots are definitely nefarious,” Brahmy said. “The trade-offs are between being extremely high on sign-up standards and information security versus being extremely open minded in a way” that fosters freedom of speech and creativity.

ReadMusk Lawyers Seize on Twitter Whistleblower Revelations

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.