Twitter bots are becoming more sophisticated, at the same time that Trump administration officials are warning of an ongoing Russian disinformation campaign fueled by automated social media accounts.

A wave of Twitter accounts are spoofing celebrity profiles, engaging in fraud and using verified profiles that have been hacked, according to new research from Duo Security, a protection company based out of Michigan. Researchers from there will present their research at the Black Hat conference this week in Las Vegas.

“We continue to see a pervasive messaging campaign by Russia to try to weaken and divide the United States,” the Director of National Intelligence Dan Coats said during a White House press briefing Aug. 2. He added the campaign was done through “social media, through bots, through actors that they hire through proxies.”

But now, Twitter botnets are adding a level of complexity, often making it more difficult to separate genuine profiles from sham accounts. Earlier this year, the Daily Beast reported that the FBI took control of a Russian backed botnet that was 500,000 accounts strong.

“Finding bot accounts is a hard problem,” said Olabode Anise, a data scientist at Duo Security.

In a recent report, Duo Security set out to create an open source methodology to hunt for imposters. Bots were first identified against a rubric that included the average hours tweeted per day, the average number of users mentioned in a tweet and the number of tweets with the same content per day.

After using machine learning to identify users that had a high probability of being automated accounts, the researchers mapped their connections. The result was an intricate Twitter bot web.

Analyzing that networks showed how different accounts each played separate roles, said Jordan Wright, a research and development engineer at Duo Security. Some automated Twitter accounts existed for the sole purpose of “liking” other accounts to boost their reputation, he said.

The bots mimicked news organizations, set up fake celebrity accounts, and hacked into verified accounts of real users.

“The accounts responsible for spreading the malicious links would use increasingly sophisticated techniques to avoid automated detection,” the report said.

The researchers also discovered a botnet used in a cryptocurrency fraud scheme. There, automated accounts would entice users to transfer them money in exchange for a promised return in bitcoin. The money never came.

"What we are seeing are the malign influence operations — in effect, information warfare that we talked about,” said FBI Director Christopher Wray at an Aug. 2 press conference at the White House. “That’s a 24/7, 365 days-a-year phenomenon that doesn’t turn, necessarily, on whether or not we’re in the middle of an election season.”

Justin Lynch is the Associate Editor at Fifth Domain. He has written for the New Yorker, the Associated Press, Foreign Policy, the Atlantic, and others. Follow him on Twitter @just1nlynch.

More In IT & Networks
US must prepare for proliferation of cyber warfare
To build cyber resilience in this heightened threat environment, agencies must work closely with both international counterparts and industry to align on a proactive, global approach to all cyber threats –– not just state-sponsored attacks.