Share this page!

Conspirador Norteño Profile picture
Twitter logo
16 Nov, 9 tweets, 5 min read
In an interesting coincidence, this tweet linking what appears to be an unauthorized livestream of a sporting event was retweeted by a bunch of similarly-named accounts created in May 2013. #SundaySpam

cc: @ZellaQuixote
These accounts are part of a botnet promoting what we believe to be pirated livestreams of a variety of sporting events. (Among other things, many of the accounts have had tweets removed for copyright violations.
This botnet consists of two types of accounts: 206 accounts that link the pirated streams in their tweets, and 16 accounts that retweet them.
The 16 accounts retweeting the streams were all created on May 15th or May 16th, 2013. All have lowercase usernames ending in three digits, and display names that don't match the usernames (@martingyc509's display name is "Wendell Thelina", for example.
Nearly all of their retweets are allegedly sent via "Twitter Web Client" (the old version of the Twitter website). These 16 accounts operate on very similar schedules, although not all have participated every time the network has activated.
The 16 retweeters in turn amplify 206 accounts that actually link the pirated livestreams in question. Unlike the retweeters, these accounts were created over a period of several years, but every single one tweets almost exclusively via TweetDeck.
We weren't able to find out much about the websites these bots link, although they do look virtually identical. Either no streams were live when we visited, or the streaming does not work over Tor, which we used for opsec reasons (always be careful when visiting dodgy websites).
One more interesting property of this botnet: both the retweeters and the accounts being retweeted (222 accounts in all) have all their tweets processed by the same Twitter datacenter, which is consistent with them originating from the same portion of the Internet.
(previous thread dicussing Twitter datacenter IDs and a right-wing conspiracy theory account)

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Conspirador Norteño

Conspirador Norteño Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @conspirator0

Conspirador Norteño Profile picture
18 Nov
We explored the followers of the accounts followed by @JaMaalBuster's batch-created followers to see if we could find more accounts that were part of the same botnet, and did not return empty-handed. #TuesdayThoughts

cc: @ZellaQuixote Image
We found a total of 36698 accounts, all created in July or August 2013. None of these accounts has ever tweeted or liked a tweet, and the first name and last name in their display names do not match their @-names (@Gerlach_Dianna9 is "Estella Fritsch", for example). ImageImage
Who do the accounts in this botnet follow? As is often the case with bulk follow botnets, there's a lot of variety. One account, @Wolfvee11, is followed by all 200 of the accounts in our sample (and 36510 of 36698 of the bots in the network, 99.5%). Image
Read 6 tweets
Conspirador Norteño Profile picture
16 Nov
What's up with all these accounts who are getting divorced and moving to <insert place name here> following the revelation that their wives voted for Joe Biden? (Spoiler: they're not bots.)

cc: @ZellaQuixote Image
We downloaded tweets (excluding retweets) containing "my wife told me", "she voted for Joe Biden", and "divorced", yielding 1119 tweets from 604 accounts. A grand total of 2 of those accounts (@CrapAmericaSays and @tsbcomng) appear to be automated, so bots aren't the story here. ImageImageImageImage
Here are the first 15 accounts to tweet "my wife told me (that) she voted for Joe Biden" and mentioning getting divorced. Almost all of them, including the first account (@wernerstarCEO) are UK football fan accounts rather than politically-themed accounts. Image
Read 5 tweets
Conspirador Norteño Profile picture
15 Nov
If you're looking for tweets discussing half of a wanderer or spider and don't mind the utter absence of coherent sentences, this botnet will be right up your alley. #SundaySentenceFragments

cc: @ZellaQuixote
This botnet consists of 25 accounts, all created in October or November 2020. All of their biographies are lengthy resumes of seemingly random occupations, and all tweet exclusively via "Twitter Web Client" (the old and hypothetically unavailable version of the Twitter website).
Each account in this botnet has thus far activated exactly once, firing off 4-6 tweets over the span of a minute or two, and then going silent. The tweets themselves are (likely randomly generated) mashups of words, phrases, and sentence fragments rather than complete sentences.
Read 5 tweets
Conspirador Norteño Profile picture
15 Nov
Meet @SRRRJ, @Srm1n, @DemiLovatoTH, @banci__, and @gdibarry, a quintet of automated accounts that tweet CNN articles accompanied by partial headlines and tag @null (a suspended account) in each tweet.

cc: @ZellaQuixote
These five accounts presently send all of their tweets via automation service twittbot(dot)net. There are two distinct schedule patterns, so it's possible this is two separate botnets, but since the accounts are otherwise similar we analyzed them as a single network.
What does this botnet tweet? It's quite single-minded: all recent tweets (the last ~3200 from each account) contain links to CNN, accompanied by the beginning of the title of whatever article/video is being linked.
Read 5 tweets
Conspirador Norteño Profile picture
14 Nov
We've seen some glitchy GAN-generated images used as Twitter profile pics before, but @jtatejtate1 kinda takes the cake with the utterly surreal "clothing" and "hat". #SaturdayShenanigans

cc: @ZellaQuixote
Here's a video showing @jtatejtate1's profile pic blended with a bunch of other GAN-generated images. The major facial features (eyes, nose, and mouth) are in the same location on each image.
(more on GAN-generated face pics and the usage thereof on Twitter accounts)
Read 11 tweets
Conspirador Norteño Profile picture
12 Nov
We've analyzed a variety of bot/sock networks using coordinated retweeting to make content look more popular than it actually is (astroturfing). For a change of pace, here's a look at a network from 2018 that used quote tweets for artificial amplification.

cc: @ZellaQuixote
This June 2018 tweet from @OrigoNetworks received more than 3 times as many quote tweets as retweets (quote tweet/retweet ratio of ~0.05 appears to be average). Furthermore, the accounts that quote tweeted it were disproportionately created in June/July 2018. What happened?
To explore further, we looked at other tweets with lopsided quote tweet/retweet ratios quote tweeted by the bulk-created accounts that quote tweeted the @OrigoNetworks tweet, and indeed found more accounts created in June/July 2018 that quote tweeted a lot of the same tweets.
Read 8 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get email notifications when new thread is out from this Author!

Check out other threads from this Author!

Read all threads by @conspirator0