Twitter bots could bring down telcos – F5 report

Dan Woods, global head of intelligence at F5, said Twitter’s bot traffic is far greater than it could publicly concede or even admit internally.

Fake views might boost valuations, but ‘bot lifts’ can turn nasty

Twitter may well have unwittingly misled Elon Musk over its spam and inorganic content, former CIA cyber officer Dan Woods told Emma Chervek at SDX Central, but his own analysis suggests that it’s four times worse than even Musk imagines. The problem for telcos is that Fake Views and unrealistic valuations are endemic across social media companies and one days these falsities could bring everyone down, including mobile network operators. 

As the global head of intelligence at F5 Security (F5), Woods and his team identify bots all day and know which applications the bots target and their objectives. Roughly two billion interactions a day enter F5’s bot defence infrastructure and experience tells Woods that Twitter’s bot traffic is far greater than Twitter could publicly concede or even admit internally.

Musk said 20% of Twitter’s accounts are bots but experience tells Woods the spam content is above 80%. They’re probably not using the right tools to eliminate them, Woods explained. “I’m sure Twitter is trying to prevent unwanted bots [but this is] highly sophisticated automation from extremely motivated actors. In those circumstances, bot remediation is not a DIY project. It requires equally sophisticated tools,” said Woods.

Bots always have a goal, Woods said. On Twitter, where accounts with more followers are perceived as more influential, the bots aim to falsify that. The harm becomes grievous when highly motivated nation-state actors, with unlimited resources for automated control of millions of Twitter accounts, begin to interact with real users’ accounts.

As proof, Woods says he amassed 100,000 illegitimate followers after spending less than $1,000 on account boosting services. “I tweeted complete gibberish and paid followers to retweet it. They did. These accounts have names like TY19038461038, and they follow a lot of other accounts, too,” he said.

With a rudimentary programming background and some YouTube research, Woods found it was pretty easy. In one weekend he wrote a crude script that creates Twitter accounts automatically and it wasn’t blocked by the platform even though he left his IP address and user agent alone in an effort to not conceal what he was doing. “Imagine how easy it is for an organization of highly skilled, motivated individuals,” said Woods.

Two years F5 says it ran a bot defence for a US social networking site and found 99% of the site’s login traffic was automated. “They never imagined it was that bad,” said Woods. The implications affected the company valuation which is based heavily on the number of daily active users (DAU). In truth, most telco applications see about 80% to 90% automated traffic, Woods said, as do those of retailers, banks and fast-food restaurants. “Companies to grossly underestimate bot activity,” said Woods. In denial of reality, they don’t report accurate DAU numbers.

Many don’t want to admit the inflated DAU numbers as the shareholders won’t be happy. So the telco stays in the dark. Companies are motivated to look like they’re doing all they can to mitigate the bot problem while doing essentially nothing behind the curtain, Woods said.

These ‘Fake Views’ bot problems goes far beyond Twitter. It’s a symptom of a malady that could affect valuations of all technology stock and, by being hitched to social media, telcos could get dragged down. To allow unregulated bot activity is to collude in fraud. There are massive implications for everyone in technology. “The only way to fight bots is with highly sophisticated automation of our own,” said Woods, who is admittedly the vendor of a Bot-fighting service. “There is something much more important at stake here. … Allowing this problem to persist threatens the entire foundation of our digital world.”