Share this page!

Conspirador Norteño Profile picture
Twitter logo
17 Oct, 5 tweets, 4 min read
What's up with all these accounts with AI-generated profile pics linking the same article on cointelegraph(dot)com at the same time using the same hashtags? #SaturdayShenaniGANs

cc: @ZellaQuixote
We found a total of 47 accounts spamming links to cointelegraph(dot)com via automation service dlvr(dot)it, all created in September or October 2020. The volume of this botnet has increased as more accounts were added.
The cointelegraph(dot)com website promoted by this botnet is a cryptocurrency "news" site registered in the Cayman Islands, according to WHOIS records. Almost all of this botnet's tweets (1222 of 1295, 94.3%) contain links to this website.
All 47 of the accounts in this botnet use GAN-generated profile pics (similar to those produced by thispersondoesnotexist.com). These images have the telltale sign that the eyes, nose, and mouth line up almost perfectly when overlaid/blended.
Animated visualization of blending the profile images of all 47 accounts in the botnet, demonstrating the pattern in facial feature placement. (GAN-generated face pics have other artifacts as well: nonsensical backgrounds/clothing/jewelry, for example.)

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Conspirador Norteño

Conspirador Norteño Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @conspirator0

Conspirador Norteño Profile picture
15 Oct
We've repeatedly noted that @ARTEM_KLYUSHIN is both followed and retweeted by large bot networks. He also follows nearly one million accounts. Is there anything interesting going on there? (Spoiler: yes.)

cc: @ZellaQuixote

We downloaded all of the accounts followed by @ARTEM_KLUYSHIN and plotted the order he followed them by the creation dates of the accounts followed. There are several streaks where he followed thousands of accounts in (mostly) reverse order of creation date. What's going on?
Answer: @ARTEM_KLYUSHIN on multiple occasions followed large swaths of the followers of large accounts in most-recent-follower-first order. For example, @ARTEM_KLYUSHIN followed @history_RF's first ~52K followers in the opposite order that those accounts followed @history_RF.
Read 8 tweets
Conspirador Norteño Profile picture
14 Oct
Just for fun, we started digging through the accounts followed by 60 popular verified #MAGA accounts to see what there is to see. We found one weird thing that stuck out like a sore thumb (and will add more if/when we find more). . .

cc: @ZellaQuixote
Meet @ScottIngwers. This account has never tweeted, never liked any tweets, has no bio, and uses a default profile pic. Despite this, its 342 followers include @DonaldJTrumpJr, @IvankaTrump, and @EricTrump.
Since the account has no content, there's not really much about @ScottIngwers to analyze, but we did notice that despite the account being totally empty, it's picked up followers in a variety of languages.
Read 8 tweets
Conspirador Norteño Profile picture
13 Oct
What's the deal with these newly-made Twitter accounts firing off spammy replies in multiple languages? #TuesdayThoughts

cc: @ZellaQuixote Image
Answer: they're part of a spam network of unknown purposes, consisting of 23 accounts that tweet on remarkably similar schedules via "Mobile Web (M2)" (early tweets were sent via "Twitter Web App"). 98.9% of the tweets posted by these accounts are replies. ImageImageImageImage
Although these accounts reply mostly in English, a significant minority of their content is in a variety of other languages. The content is all over the map, ranging from random feel-good replies to coupon codes to comments on the present Armenia/Azerbaijan conflict. ImageImage
Read 5 tweets
Conspirador Norteño Profile picture
12 Oct
If you're looking for Twitter accounts promoting an ad-infested website with a deceptively similar name to UK news agency Sky News, then this botnet's for you. #MondayMotivation #Scamalicious

cc: @ZellaQuixote ImageImage
The real website for Sky News is sky(dot)com (and various subdomains, such as news(dot)sky(dot)com). The fake site is sky-news(dot)co(dot)uk, with a hyphen. Image
This botnet consists of six accounts, all created on October 11th, 2020. These accounts tweet via automation service IFTTT. All use female profile pics and have bitly links on their profiles that lead to sky-news(dot)co(dot)uk, which is not actually Sky News. ImageImageImage
Read 4 tweets
Conspirador Norteño Profile picture
11 Oct
Meet @bmjisoo, a self-described Events & Program Manager, Adventurous Foodie, Global Trotter, and National Park Explorer. Based on its flurry of recent pro-Trump and anti-Biden retweets, it would at first glance appear to be a #MAGA account.

cc: @ZellaQuixote
The full story is a bit more complicated. @bmjisoo began its Twitter life as a Korean-language account back in 2014, took a five-year hiatus, and then woke back up in 2020, first retweeting a bunch of Indonesian follower farming spam before assuming its current #MAGA persona.
The account presently known as @bmjisoo also changed names at least once: when it was tweeting in Korean back in 2014, it was named @blbml08t6e. (Its permanent ID is 2287181347, just in case it swaps names again.)
Read 10 tweets
Conspirador Norteño Profile picture
9 Oct
Twitter accounts being sold on dodgy websites frequently have fake followers, and @nokilllogwtmp (permanent ID 529412597) is no exception, with several thousand batch-created accounts following it. We decided to further explore this bulk follow network.

cc: @ZellaQuixote
To find more accounts that are part of this bulk follow network, we downloaded the followers of accounts followed by the bogus-looking followers of @nokilllogwtmp, and repeated the process until we hit diminishing returns.
We found 23794 accounts we believe to be part of this bulk follow network. Most were created in batches between 2012 and 2014. Some were not, but we suspect they're part of the network anyway due to the order in which they followed the accounts they follow (among other things).
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get email notifications when new thread is out from this Author!

Check out other threads from this Author!

Read all threads by @conspirator0