One big thing I learned from the @Graphika_NYC report on Roger Stone's inauthentic social media network was just how much of an environmentalist he is. This sock puppet @GladstoneLaura for ex. promoted this Facebook group facebook.com/flforcleanwate… #RogerStone #infosec #osint
The Floridians for Clean Water group really intrigued me as it had some odd memes like this one. And in the process of researching what that was all about I stumbled upon the hashtag #FloridiansForCleanWater #RogerStone #infosec #osint
Looking at the handful of accounts using #FloridiansForCleanWater in 2016 there were 4 accounts (@LifesABeach_1 @Kateopoly @AmandaSwimChamp @JennyBennyPenny) all claiming 2b from different parts of Florida & heavily using this hashtag in a very repetitive manner. #infosec #osint
The accounts used URL shorteners to send viewers to this Facebook page (facebook.com/Floridians-For…) which now redirects to the still live Facebook group at facebook.com/flforcleanwate…. The first tweet in this campaign was on June 26th at 11:55 am #infosec #osint
It quickly became obvious that the accounts were being automated ... likely scheduled within the app Hootsuite to repeat 2 tweets every 10 minutes like shown here. #infoOps #osint #infosec
The campaign soon brought in 2 more accnts so that now four different accounts were rotating every 5 mins. Two accounts tweeted out at the same time & then two new ones 5 mins later. And always 5 mins apart at this point for hours and hours consecutively. #infoOps #osint #infosec
The last rotation of four occurred on 06-28-16 at 11:05 PM. In all, just over 710 total tweets using the #FloridiansForCleanWater hashtag were sent to specific other Floridians tagged in the tweet over roughly a three day period. #infoOps #osint #infosec
So who were these accounts, posing as attractive young female Floridians concerned about clean water issues? They directed over 700 other Florida residents via the tagging method 2 a Facebook group called "Floridians for Clean Water". Clearly created specifically 4 this campaign
The tweets coming from these four accounts were automated and scheduled, likely via the app Hootsuite & the tweets were mostly published every 5 mins nearly around the clock. These profiles of daily tweet activity very clearly display significant bot behavior. #infoOps #osint
The profile pics were also not those of Floridian residents. Amanda @AmandaSwimChamp from Orlando Florida was actually model Aneta S. from Prague of the Czech Republic #infoOps #osint #infosec
Kate @Kateopoly of West Palm Beach, Florida was actually model Hayley_Novelli from Sydney Australia. #infoOps #osint #infosec
And Jenny @JennyBennyPenny of Clearwater Florida was really model Anita Sikorska from Poland. A reverse image search for the profile pic used by the account @LifesABeach_1 turned up no matches. #infoOps #osint #infosec
Here's a movie scrolling through these tweets created 4 this #FloridiansForCleanWater campaign. To be clear, I made no attribution to who owns or created these accounts. Just they seem 2b tangentially related to accounts found in the @Graphika_NYC report on #RogerStone #osint
Okay I clearly need to work out bugs on video to GIF conversion. Apologize for that. It properly conveys the series of automated tweets. So this story actually doesn't end here. Most of the tweets had no likes or RTs but a few did and the boosting accounts were VERY interesting.
A significant number of the accnts that liked the #FloridiansForCleanWater tweets were hacked accounts that were turned into soft porn accnts spreading #malware or links to "Dirty Tinder" sites. Most were only active in 2016. And a couple of accounts like this. #infosec #osint
There is a lot of data & links to Russian hosted DirtyTinder and/or redirector sites from these Goo[.]gl URL shortened links so extreme caution if you choose to follow any of them. Hope to shed more light on this later. Here's one such account that I fuzzed out a little. #infosec
You can see how this is likely a hacked account given the original tweets from 2012 were mundane tweets of a personal nature and then there is a 4 yrs gap and then links to "Dirty Tinder" related sites hosted on Russian infrastructure. #infoOps #osint #infosec
Here is my original thread on the @Graphika_NYC report from a few days ago.
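The scheduling pattern described in the thread (each account repeating on a fixed interval, with accounts posting in synchronized pairs offset by 5 minutes) can be checked mechanically from tweet timestamps. The sketch below is an added example, not part of the original thread; the account names, timestamps and thresholds are constructed placeholders.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from itertools import combinations

def build_sample():
    """Constructed data: four placeholder accounts in a paired rotation, plus one irregular account."""
    start = datetime(2016, 6, 27, 0, 0)
    rows = []
    for i in range(36):  # 6 hours, each account posting every 10 minutes
        t = start + timedelta(minutes=10 * i)
        rows += [("acct_a", t), ("acct_b", t)]
        rows += [("acct_c", t + timedelta(minutes=5)), ("acct_d", t + timedelta(minutes=5))]
    for m in (3, 47, 95, 260, 301, 344):  # irregular, human-like posting
        rows.append(("organic", start + timedelta(minutes=m)))
    return rows

def cadence(rows, min_posts=10):
    """Per account: (dominant gap in minutes, share of gaps equal to it), or None if too few posts."""
    by_acct = defaultdict(list)
    for acct, t in rows:
        by_acct[acct].append(t)
    out = {}
    for acct, times in by_acct.items():
        if len(times) < min_posts:
            out[acct] = None
            continue
        times.sort()
        gaps = [round((b - a).total_seconds() / 60) for a, b in zip(times, times[1:])]
        gap, n = Counter(gaps).most_common(1)[0]
        out[acct] = (gap, n / len(gaps))
    return out

def scheduled_accounts(rows, min_share=0.9):
    """Accounts whose posts almost always land on one fixed interval (assumed threshold)."""
    return sorted(a for a, c in cadence(rows).items() if c and c[1] >= min_share)

def synchronized_pairs(rows, min_overlap=0.8):
    """Account pairs that post in the same minute for most of their posts."""
    slots = defaultdict(set)
    for acct, t in rows:
        slots[acct].add(t.replace(second=0, microsecond=0))
    pairs = []
    for a, b in combinations(sorted(slots), 2):
        shared = len(slots[a] & slots[b])
        if shared / min(len(slots[a]), len(slots[b])) >= min_overlap:
            pairs.append((a, b))
    return pairs

if __name__ == "__main__":
    rows = build_sample()
    print(cadence(rows), scheduled_accounts(rows), synchronized_pairs(rows), sep="\n")
```

A fixed dominant gap alone only indicates a scheduler; the same-minute pairing across accounts is the stronger sign that the accounts are run together.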