Answer: a few recent @globaltimesnews tweets have been amplified by two distinct groups of bots. (It's possible that they are part of the same network, but we can't prove this, so we treated them as two separate botnets for the sake of this analysis.) #ATaleOfTwoBotnets
The smaller of the two botnets consists of 76 accounts created in October and November 2020, all (allegedly) tweeting via the Twitter Android App. In an apparent lapse of creativity on the part of the botnet operators, 36 of the accounts are named either "Barb" or "Barbara".
What does this botnet do? Almost all of its content (130 of 134 tweets) consists of retweets of two @globaltimesnews tweets supposedly "debunking" the existence of detention centers in Xinjiang.
The larger of the two botnets that amplified @globaltimesnews consists of 7258 accounts created between November 2019 and April 2020. All have lowercase names ending in 2 to 4 numbers, and tweet exclusively via the Twitter Web App.
The majority of this botnet's content to date is original tweets rather than retweets. Almost all of its retweets thus far are retweets of one of two @globaltimesnews tweets. As with the first botnet, both of the @globaltimesnews tweets it amplified are related to Xinjiang.
The original tweets produced by this botnet are repetitive, with many duplicated across dozens of accounts. They appear to be sayings/aphorisms in both Chinese and English rather than news/political tweets. (As always, skepticism of Google Translate output is warranted.)
In addition to tweeting random sayings and retweeting @globaltimesnews, this botnet also followed a bunch of accounts en masse. Many of them appear to be large followback accounts, although they mostly didn't follow the bots back.
H/T @Nrg8000 for drawing our attention to these botnets:
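The traits reported above for the larger botnet (lowercase name ending in 2 to 4 digits, creation between November 2019 and April 2020, Twitter Web App only, original tweets duplicated across accounts) can be combined into a triage filter. This is an added example, not the authors' tooling; the record layout, applying the name pattern to the handle, the `min_accounts` threshold and all sample data are assumptions.

```python
import re
from collections import defaultdict
from datetime import date

# Traits the thread reports for the larger botnet (handle check is an assumption).
NAME_RE = re.compile(r"[a-z]+\d{2,4}")       # lowercase name ending in 2 to 4 digits
WINDOW = (date(2019, 11, 1), date(2020, 4, 30))
CLIENT = "Twitter Web App"

def matches_profile(acct):
    """True when an account shows all three reported traits at once."""
    return (NAME_RE.fullmatch(acct["handle"]) is not None
            and WINDOW[0] <= acct["created"] <= WINDOW[1]
            and acct["clients"] == {CLIENT})

def duplicated_texts(tweets, min_accounts=3):
    """Normalized original-tweet text -> handles, kept when many accounts posted it."""
    by_text = defaultdict(set)
    for handle, text, is_retweet in tweets:
        if not is_retweet:
            by_text[" ".join(text.lower().split())].add(handle)
    return {t: h for t, h in by_text.items() if len(h) >= min_accounts}

def candidate_cluster(accounts, tweets, min_accounts=3):
    """Profile-matching accounts that also share a duplicated original tweet."""
    profiled = {a["handle"] for a in accounts if matches_profile(a)}
    cluster = set()
    for handles in duplicated_texts(tweets, min_accounts).values():
        shared = handles & profiled
        if len(shared) >= min_accounts:
            cluster |= shared
    return cluster

def acct(handle, created, client=CLIENT):
    return {"handle": handle, "created": created, "clients": {client}}

# Constructed sample data, not real accounts or tweets.
ACCOUNTS = [
    acct("samplea203", date(2020, 1, 15)), acct("sampleb4471", date(2019, 12, 2)),
    acct("samplec88", date(2020, 3, 20)), acct("sampled57", date(2020, 2, 11)),
    acct("samplee2020", date(2018, 5, 1)),                  # outside creation window
    acct("Sample_F", date(2020, 10, 20), "Other Client"),   # wrong name and client
]
SAYING = "A journey of a thousand miles begins with a single step"
TWEETS = [
    ("samplea203", SAYING, False), ("sampleb4471", SAYING.upper(), False),
    ("samplec88", "  " + SAYING + " ", False), ("samplee2020", SAYING, False),
    ("sampled57", "An unrelated original tweet", False),
    ("samplea203", "RT of a news tweet", True),
]
```

Requiring the profile match and the shared text together keeps a single trait, such as a handle that happens to end in digits, from flagging an account on its own.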
Meet @DianaWi59797083, a newly-created pro-Trump account that can't seem to decide whether its name is Blake or Diana. It probably doesn't matter, since it's using a plagiarized profile pic that's been floating around the internet for years. #YouHadOneJob
Compounding the hilarity, the first account to retweet @DianaWi59797083 is @JasonMAGA4ever, an account created a couple weeks ago. In what is doubtless a total coincidence, @JasonMAGA4ever is also using a stolen profile photo.
We weren't able to retrieve the early retweets of @JasonMAGA4ever's tweets, so the saga ends there for now, but we wouldn't be surprised if its Twitter career was bootstrapped with the aid of additional bogus #MAGA accounts with stolen pics.
Answer: the video, originally tweeted by @CindyScarbrou17, has been embedded in 1353 tweets from 1140 different accounts. Although none of the individual tweets got much attention, the video racked up a decent view count due to the sheer number of tweets containing it.
These accounts are part of a Korean-language pornbot network consisting of (at least) 4291 accounts with repetitive naming schemes, created in batches between September 30th and November 18th, 2020. The older accounts host the original videos, and the newer ones embed them.
It turns out that when one reverse image searches a GAN-generated face pic, some of the results are other GAN-generated face pics. We used Yandex, as it was more effective than Google and is easier to automate. (This doesn't work with TinEye, which only finds exact matches.)
We generated 500 face pics using thispersondoesnotexist(dot)com, reverse searched them using Yandex, and filtered the results to Twitter profile pics, yielding 35 accounts (plus a few suspended ones). As usual, the major facial features are in the same place on each image.
We snagged the last 10 days' worth of replies sent via Mobile Web (M2), and noticed a couple of interesting spikes in the creation dates of the accounts (on October 29th and November 1st, 2020). What's up with that? #MondayMotivation
Answer: the two spikes in creation dates appear to be an Arabic-language retweet/reply botnet, consisting of (at least) 149 accounts created in late October/early November 2020.
(We think there are actually more accounts, but we'll get to that later.)
The majority of this botnet's content is retweets of a variety of Arabic-language accounts. Based on Google's (potentially erroneous) translations of the most popular tweets, the majority of the content is discount codes for various products and services.
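Spotting creation-date spikes like the two described above amounts to outlier detection on a per-day histogram of account creation dates. The following is an added example, not the authors' method; the median/MAD threshold, its parameters and the sample dates are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import date, timedelta
from statistics import median

def daily_counts(created):
    """Accounts created per calendar day, including days with zero accounts."""
    counts = Counter(created)
    day, last = min(created), max(created)
    series = {}
    while day <= last:
        series[day] = counts.get(day, 0)
        day += timedelta(days=1)
    return series

def creation_spikes(created, k=5.0, min_count=5):
    """Return {day: count} for days far above the typical daily creation count.

    The baseline is the median daily count and the spread is the median
    absolute deviation (MAD), floored at 1 so a flat baseline still gives
    a usable threshold. Both statistics are robust to the spikes themselves.
    """
    series = daily_counts(created)
    values = list(series.values())
    med = median(values)
    mad = median(abs(v - med) for v in values)
    threshold = max(min_count, med + k * max(mad, 1.0))
    return {d: n for d, n in series.items() if n >= threshold}

def sample_dates():
    """Constructed creation dates: a steady trickle plus two batch-created days."""
    start = date(2020, 10, 1)
    dates = []
    for i in range(41):
        day = start + timedelta(days=i)
        dates += [day] * (2 if i % 3 == 0 else 1)   # background: 1 or 2 per day
    dates += [date(2020, 10, 29)] * 12              # constructed batch
    dates += [date(2020, 11, 1)] * 9                # constructed batch
    return dates

if __name__ == "__main__":
    for day, n in creation_spikes(sample_dates()).items():
        print(day.isoformat(), n)
```

A flagged day is only a lead: the accounts created on it still need the manual review of names, clients and content that the thread describes.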
We took a look at the followers of popular right-wing Twitter account @ColumbiaBugle. The vast majority of its followers look like run-of-the-mill #MAGA accounts, but we found an interesting group of batch-created accounts lurking among its earliest followers.
We searched the followers of the other accounts followed by @ColumbiaBugle's early batch-created followers to see if we could find more, but came up empty handed. Interestingly, @ColumbiaBugle is the *only* account followed by all 154 accounts.
The accounts in this fake follower network were created in batches in late 2015 and early 2016. None have tweeted or liked a tweet. Several have names that are takeoffs on 2016 GOP presidential candidates (@MRubioooooo, @TedCruzzinn, @cruzin_teddy). All have default profile pics.
Answer: they're from a reply spam botnet we didn't know quite what to make of when we first saw it. It is now on a mission to promote forex trading/cryptocurrency content. ("Nicholas Shawn" appears to be a reference to the "Nick Shawn" YouTube channel.)
This botnet consists of 48 accounts, all created in September or October 2020. (We found 35 accounts when we first looked at it.) Almost all tweets are replies sent via "Mobile Web (M2)".