Ben Nimmo
17 Dec, 9 tweets, 5 min read
Fun read here from @conspirator0 on a botnet that uses clips from Dracula, for that authentic "I'm a human so I write text" look.

Presumably designed to fool algorithms, as it wouldn't fool a human.

At @Graphika_NYC, we call it "Dracula's botnet".

graphika.com/posts/draculas…
We came across part of this botnet in the summer, when it was boosting the pro-Chinese network "Spamouflage."

This, from @conspirator0, is a typical profile. Note the broken sentence and word in the bio. No human typed that... at least not on that Twitter account.
Now compare the bio with the version of Dracula that's online at Tallinn Technical University: lap.ttu.ee/erki/failid/ra…

Coincidence?
Nope, not a coincidence. Here's another from the same collection by @conspirator0, together with a line from the same e-book.
In fact, all the bots from this September batch in this image have single lines from the same e-book version.

Looks like we know what text the botnet was set to scrape.
So did the July batch, but with a + sign instead of the space - presumably because the automation wasn't all it should have been.
The one difference between these different sets is what they were posting.

@conspirator0 found the first batch were pornbots, the later ones were cryptocurrency-themed.

The ones we found in August, which used the same e-book version for their bios, were amplifying the Spamouflage network, which is pro-China / anti-US / anti-Hong Kong protests.
That's the thing with botnets. They can be vacuous, and then switch to propaganda if someone pays. So it's worth being able to spot them.

I wrote this a few years ago, after a little unpleasantness with around 80,000 bots.

Some of the possible clues.

medium.com/dfrlab/botspot…
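
The bio check described in this thread (bios that are single lines of one e-book, sometimes cut mid-word or joined with + signs) can be automated for triage. The following is an added example, not part of the original thread or of Graphika's tooling; the reference passage, the sample bios and every function name are constructed for illustration.

```python
import re

# Constructed stand-in for a hard-wrapped plain-text e-book (not the real file).
REFERENCE_TEXT = """\
The old house stood at the end of a long and winding road, and the
travellers who passed it after dark would hurry their horses onward
without once looking back at the shuttered windows or the broken gate.
"""

# Constructed sample bios: wrapped line, '+'-joined line, cut mid-word, human.
SAMPLE_BIOS = {
    "acct_a": "travellers who passed it after dark would hurry their horses onward",
    "acct_b": "The+old+house+stood+at+the+end+of+a+long+and+winding+road,+and+the",
    "acct_c": "without once looking back at the shuttered windows or the bro",
    "acct_d": "Dad, runner, coffee person. Opinions are my own.",
}

def normalize(text):
    """Lowercase, map '+' to space (the July-batch artefact), collapse whitespace."""
    return re.sub(r"\s+", " ", text.replace("+", " ").lower()).strip()

def classify_bio(bio, reference=REFERENCE_TEXT, min_len=25):
    """Report whether a bio is lifted from the reference text, and how."""
    full = normalize(reference)
    wrapped = {normalize(line) for line in reference.splitlines() if line.strip()}
    norm = normalize(bio)
    result = {"match": False, "whole_line": False,
              "broken_word": False, "plus_joined": False}
    if len(norm) < min_len:          # short bios can match a book by chance
        return result
    pos = full.find(norm)
    if pos == -1:
        return result
    end = pos + len(norm)
    # A neighbouring letter means the bio starts or stops inside a word.
    cut_start = pos > 0 and full[pos - 1].isalpha()
    cut_end = end < len(full) and full[end].isalpha()
    result.update(match=True, whole_line=norm in wrapped,
                  broken_word=cut_start or cut_end,
                  plus_joined="+" in bio and " " not in bio.strip())
    return result

def flag_accounts(bios):
    """Return the sorted account names whose bios are copied from the reference."""
    return sorted(name for name, bio in bios.items() if classify_bio(bio)["match"])
```

A match on its own only says the bio text was scraped; the `whole_line`, `broken_word` and `plus_joined` fields separate the batches the way the thread does.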

More from @benimmo

15 Dec
BREAKING: @Facebook just took down two foreign influence ops that it discovered going head to head in the Central African Republic, as well as targeting other countries.

More-troll Kombat, you might say.

Report by @Graphika_NYC and @stanfordio: graphika.com/reports/more-t…
There have been other times when multiple foreign ops have targeted the same country.

But this is the first time we’ve had the chance to watch two foreign operations focused on the same country target *each other*.
In the red corner, individuals associated w/ past activity by the Internet Research Agency & previous ops attributed to entities associated w/ Prigozhin.

In the blue corner, individuals associated w/ the French military.

@Facebook report here: about.fb.com/news/2020/12/r…
3 Nov
ELECTION THREAD: Today and tonight are going to be a wild time online.

Remember: disinformation actors will try to spread anger or fear any way they can, because they know that people who are angry or scared are easier to manipulate.

Today above all, keep calm.
A couple of things in particular. First, watch out for perception hacking: influence ops that claim to be massively viral even if they’re not.

Trolls lie, and it’s much easier to pretend an op was viral than to make a viral op.

Remember 2018? nbcnews.com/tech/tech-news…
There have been huge improvements in our collective defences since 2016. Teams like @Graphika_NYC, @DFRLab and @2020Partnership; takedowns by @Facebook, @Twitter and @YouTube; tip-offs from law enforcement.

Trolls have to spend more effort hiding.
1 Oct
NEW: A Russian operation posed as a far-right website to target U.S. divisions and the election.

Most active on Gab and Parler.
A few months old.
Looks related to the IRA-linked PeaceData (which targeted progressives).

@Graphika_NYC report: public-assets.graphika.com/reports/graphi…
Credit to @jc_stubbs of @Reuters, who tipped us off to this.

A legend in his own byline.

reuters.com/article/us-usa…
This op was based on a website called the Newsroom for American and European Based Citizens, NAEBC.

@Alexey__Kovalev might enjoy this name: it’s close to the Russian swear word “наёбка”.

Just like PeaceData sounded like the Russian epithet “пиздато.”

There’s a theme there.
26 Sep
Having studied IO for longer than I care to remember, one of the most frequent comments I’ve heard, and agreed with, is that we need better ways to assess impact on multiple levels and timescales.

As part of that, we need a way to assess live IO in real time.
This paper suggests a way to approximate impact in the moment, when we don’t have the full picture, including the IO operators’ strategic objectives, or the luxury of taking the time to run polls to measure effect on public sentiment (hard even in normal circumstances).
This field is rapidly developing, but we need to start somewhere. Without clear context and a comparative scale, there's a danger of IO capitalising on fear and confusion to claim an impact they never had.

Remember the midterms in 2018?
25 Sep
One of the biggest challenges with influence ops is measuring their impact.

Here's a way to do it.

Six categories, based on IO spread through communities and across platforms.

Designed to assess and compare ops in real time.

H/t @BrookingsFP.

brookings.edu/research/the-b…
It assesses info ops according to two questions:

1. Did their content get picked up outside the community where it was originally posted?

2. Did it spread to other platforms or get picked up by mainstream media or high-profile amplifiers?
Category One ops stay on the platform where they were posted, and don't get picked up beyond the original community.

Most political spam and clickbait belong here. So does bot-driven astroturfing, like the Polish batch we found with @DFRLab.

medium.com/dfrlab/polish-…
24 Sep
BREAKING: Multiple platforms took down assets from various Russian info ops today.

The ops did *not* primarily target the US election. Much more on RU strategic concerns.

@Facebook kicked this off. Reports by @Graphika_NYC and @DFRLab to follow.

about.fb.com/news/2020/09/r…
The FB investigation took down several different sets of inauthentic assets, including Russian military and individuals associated with the IRA.

They have a track record of election interference. Cleaning their assets out before the U.S. election seems… prudent.
The @Graphika_NYC team looked at the Russian military assets. About 300 of them, activity ranging from 2013 to 2020.

It wasn’t one coherent set: more like different clusters at different times and looking in different directions, north, south, east and west.