Share this page!

Conspirador Norteño Profile picture
Twitter logo
19 Feb, 5 tweets, 4 min read
Meet @DaoThuyHanh1, @TrangKi26074705, @NguyenN16424388, and @TrinhNg82469771, four automated Twitter accounts that were created this morning (Feb 18 2021) and are already spewing exciting questions like "Do People Actually Use Cryptocurrency?" into the universe.

cc @ZellaQuixote
These accounts are part of a botnet consisting of 34 accounts created in Feb 2021. They all follow multiple other members of the botnet (and not much else). Their follow graph is split into two separate clusters, with bots in each cluster only following others in that cluster.
The majority of this network's content thus far is tweets containing linkings to cryptocurrency news articles and blog posts. These tweets are sent via the SocialChief automation service, which we've seen before:
Each account also has one or two tweets sent via the Twitter Web App (in most cases, just the account's first tweet). These are mostly short phrases in English or Vietnamese, although a few are images, some of which also show up as profile pics on other accounts in the network.
Speaking of profile pics, it will likely come as no surprise to you that this botnet uses stolen profile pics. In a few cases the same pic was used as the profile pic for multiple accounts in the network.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Conspirador Norteño

Conspirador Norteño Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @conspirator0

Conspirador Norteño Profile picture
18 Feb
What does "normal" Twitter traffic look like in terms of what percentage of it is automated/from accounts with default pics/new accounts etc? It turns out that the baseline values differ depending on tweet language.

cc: @ZellaQuixote
We downloaded 100K random tweets in each of 9 languages: Arabic, Chinese, English, Japanese, Korean, Portuguese, Russian, Spanish, and Turkish. (We did this by choosing 1000 random cutoff times between Feb 8 and Feb 16, and downloading the preceding 100 tweets in each language.)
The percentage of tweets sent via automation apps (based on the "tweet source" field) varies widely by language. Tweets in Japanese have the highest rate of automation (16.9%) of tweets, with Arabic on the low end at only 0.9%. 5.9% of English-language tweets are automated.
Read 7 tweets
Conspirador Norteño Profile picture
16 Feb
It's a great day to look at an Arabic-language pornbot network that uses stolen profile pics. This particular botnet sometimes uses the same pic on multiple accounts, occasionally cropped differently. #MondaySpam

cc: @ZellaQuixote
This network consists of 303 accounts created from November 2020 to January 2021, with particularly large batches created on November 13th, November 15th, and December 16th, 2020.
Most of this botnet's content is in Arabic, most of it is retweets, and most of it is (allegedly) sent via the Twitter Web App. The retweets were all sent via the web app, and its original content was posted via Twitter for Advertisers, Twitter Ads, and Tweetdeck.
Read 5 tweets
Conspirador Norteño Profile picture
15 Feb
How does one detect renamed Twitter accounts and find the previous names? There's no surefire way to do it, but here are four methods that sometimes work.

cc: @ZellaQuixote
The first method is to do a Twitter search for old replies to the account in question. Use a search of this form to find replies prior to a given date and make sure to use "Latest" rather than "Top" results.

to:FMAR122 OR @FMAR122 until:2014-01-01
The previous name(s) will show up (sometimes alongside the current name) at the beginning of replies to the account's old tweets. This method doesn't always work, but it seems that when it does work, it works even if the tweets being replied to have been deleted.
Read 11 tweets
Conspirador Norteño Profile picture
14 Feb
Meet @Dilde97512368, a Twitter account with a GAN-generated profile pic that is followed by lots of other accounts with GAN-generated pics.

(GAN = "generative adversarial network", the AI technique used by thispersondoesnotexist.com to generate fake face pics.)

cc: @ZellaQuixote
60 of @Dilde97512368's followers have GAN-generated face pics, but that's not the only pattern. 15 of its followers use cat pics, 7 use anime pics, and some of the pics that are neither GAN faces, cats, nor anime pics are repeated across two or three of its followers.
We explored the follower networks of @Dilde97512368's followers, and found a total of 3204 accounts with the same mix of profile pics (anime, cats, GAN-generated faces, and repeated images), all created January 25th or later.
Read 14 tweets
Conspirador Norteño Profile picture
12 Feb
Why does Venezuelan government account @Mippcivzla get so many more retweets than likes on its tweets? #AstroturfFriday

cc: @ZellaQuixote
Answer: @Mippcivzla's tweets (and those of a few other large Venezuelan accounts) are being retweeted by a network of 2454 accounts, all allegedly using the Twitter Android app. These accounts post almost no original content (99.6% percent of their tweets are retweets).
These accounts have all retweeted hundreds of tweets or more, but have liked few or none. The content they boost reflects this - 98.6% of the tweets they retweeted got more retweets than likes. (Based on a set of 5M random tweets, only ~0.8% of tweets get more RTs than likes.)
Read 6 tweets
Conspirador Norteño Profile picture
10 Feb
The 9 accounts promoting monsterfundrise(dot)com discussed in this previous thread have been shut down by Twitter, but 15 new ones have taken their place. As before, their tweets appear be being astroturfed, garnering far more retweets than likes.

cc: @ZellaQuixote
We downloaded the set of accounts amplifying the monsterfundrise tweets, and noticed that many of the other tweets they retweeted (particularly recent tweets from Punjab, Pakistan governor @ChMSarwar) also received more retweets than likes.
(some background info on the presence of more retweets than likes being a sign of astroturfing - average ratio is more than twice as many likes as retweets)


Read 11 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @conspirator0 has new unrolls!

Check out other threads from @conspirator0!

Read all threads by @conspirator0