Share this page!

Conspirador Norteño Profile picture
Twitter logo
22 Mar, 5 tweets, 4 min read
It's either the second day of spring or fall (depending on where you are), so here's a look at a botnet following the official Twitter account of right wing think tank @Heritage Foundation. #SundaySpam

cc: @ZellaQuixote
This botnet consists of 28971 accounts, created Nov 2013 - Jan 2014. All their tweets were sent via "Twitter Web Client", and none has tweeted since 2014. None has liked a tweet, and all have the same display name as @-name (including lack of space between first and last name).
Who does this botnet follow? The majority of the beneficiaries of its bogus follows are the official accounts of businesses (including some fairly large companies such as @Citibank and @WhiteCastle). The @Heritage Foundation (followed by 2845 of the bots) is a notable outlier.
Here are follower plots for nine of the accounts followed by portions of the botnet, with the portion containing the bots zoomed. In most cases, the botnet seems to have followed the accounts in multiple batches over time, with brief periods of organic follower growth in between.
Unlike many of the astroturfy botnets we've studied, this one doesn't retweet the accounts it follows (or any others). All of its content is brief tweets (generally generic comments on personal relationships) that are frequently duplicated by thousands of the bots in the network.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Conspirador Norteño

Conspirador Norteño Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @conspirator0

Conspirador Norteño Profile picture
20 Mar
Inspired by a recent viral tweet, I have introduced the local felines to a floor full of cups.

cc: @ZellaQuixote
Read 4 tweets
Conspirador Norteño Profile picture
19 Mar
Some Twitter botnets do all sorts of elaborate things, but this is not one of them. The accounts in this botnet have thus far all followed exactly two accounts (@@polkastarter and @ConvergenceFin) and done nothing else - no tweets, no likes, no other follows.

cc: @ZellaQuixote
This botnet consists of 1004 accounts created on February 25th and February 26th, 2021. In addition to the similarities already noted (no tweets, no likes, following the same two accounts), none has a biography or header image and all have female names.
Almost all of the accounts in this botnet do have profile pics, and (big shock) they appear to be stolen, with many of them having previously been used on other Twitter accounts, most of which are now suspended.
Read 4 tweets
Conspirador Norteño Profile picture
17 Mar
It's a day ending in "y", and a bunch of similar-looking accounts are attaching four letter codes to their otherwise identical tweets denying genocide and downplaying human rights abuses in Xinjiang. #TuesdayAstroturf

cc: @ZellaQuixote
We found a network of 113 accounts posting duplicate tweets about Xinjiang with random four letter codes appended. All were created between December 2020 and February 2021, generally in batches of accounts with similar naming schemes. Most use photos of scenery as profile pics.
These 113 accounts (allegedly) post all of their tweets via the Twitter Web App, generally in brief tweetstorms where most/all of the accounts tweet within an hour or so of each other. Most tweets are in English or Chinese, but the network has tweeted in 31 languages thus far.
Read 7 tweets
Conspirador Norteño Profile picture
16 Mar
Oh look, a "PREMIUM" Twitter account for sale for $1500 (whatever "PREMIUM" means). Let's take a look. #MondayMotivation

cc: @ZellaQuixote
Most of the Twitter account listings on accs-market(dot)com include the account's @-name, but in this case the seller has hidden it. The account's display name, profile pic, and follower count are included, and it is apparently verified (blue check), so maybe we can find it.
Sure enough, a verified account named @DakotaPrukop (ID 310045063) exists and has roughly the same number of followers as the account advertised as for sale. It appears to have changed its profile pic, but a recent archive of its feed shows the same pic featured in the listing.
Read 5 tweets
Conspirador Norteño Profile picture
14 Mar
Daylight savings time has begun (in the USA, at least), and what better way to mark the occasion than by looking at a quote tweet astroturf botnet? #SundaySpam

cc: @ZellaQuixote
This network consists of 4399 accounts, created between January 23rd and January 25th 2021. The 4399 bots all follow the same 13 cryptocurrency/blockchain-themed accounts (or a subset thereof) and no other accounts.
The accounts in this network send all of their tweets via the Twitter Web App (allegedly). All of their content is either retweets or quote tweets - no original tweets or replies.
Read 6 tweets
Conspirador Norteño Profile picture
10 Mar
As it turns out, the @BlockchainCutie account amplified by the botnet described in this previous thread has a bunch of fake followers. We took a closer look at the largest network following it.

cc: @ZellaQuixote
3117 of @BlockchainCutie's followers are batch-created accounts created in late 2020 that we believe to be part of a single botnet. To find the rest of the botnet, we explored the followers of the other accounts these 3117 bots follow.
This botnet consists of 9640 accounts, created in batches between October 15th and December 18th 2020. All of these accounts tweet exclusively via the Twitter Web App - no tweets sent via Android or iPhone, which is itself anomalous.
Read 6 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @conspirator0 has new unrolls!

Check out other threads from @conspirator0!

Read all threads by @conspirator0