Is astroturfing with HootSuite still a thing in April 2021? It sure looks that way - we found a network (or possibly two networks) using HootSuite for synchronized retweets, which the accounts then undo after a few hours. #Lobsterfest

cc: @ZellaQuixote
First, here's a thread with some background on tweetdecking, the form of astroturfing this network engages in, which involves groups of accounts that retweet the same tweets at the same time, and then undo their retweets after the tweets go viral.
We found 28 accounts that appear to be using the Hootsuite app for astroturfing. We found two separate groups (each amplifying its own lineup of tweets), one consisting of 18 accounts and one consisting of 10 accounts. The larger group appears to undo their retweets more quickly.
Retweet network for the Hootsuite astroturfing network(s). The network consists of two clusters, matching the two groups of accounts we previously identified. (There is some crossover where accounts from one cluster amplify accounts from the other.)
How much reach does the amplification from these networks provide? These 28 accounts have a total of 333891 distinct followers, so coordinated retweets from them does provide a substantial audience despite the relatively small number of accounts involved in the operation.

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with Conspirador Norteño

Conspirador Norteño Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @conspirator0

1 Apr
Meet @BlancaMatos13, a four-week old Twitter account with a penchant for using stolen photos and a distaste for Ecuadorian presidential candidate Andrés Arauz. Unsurprisingly, this account is not a solo act.

cc: @ZellaQuixote
The @BlancaMatos13 account is part of a network of (at least) 63 accounts created in batches in March 2021 that all tweet almost exclusively via TweetDeck and have Ecuador as their profile location. Most operate on very similar schedules.
This network is likely using TweetDeck's scheduling feature, which disproportionately posts its tweets during the first second of the minute for which they are scheduled. (It's also possible that TweetDeck is being automated using other software with similar scheduling behavior).
Read 5 tweets
31 Mar
What's with all these recently-created accounts with variations on "Selected Items. Deals. Product Information. Daily Updated. (eBay Links)" in their profiles?

cc: @ZellaQuixote
Answer: these accounts are part of a spam botnet consisting of 73 accounts created between October 2020 and March 2021 (most of them in February or March 2021). All the accounts in this botnet are named after various products (automotive supplies are a frequent theme).
The bots in this network do all of their tweeting via automation service dlvr(dot)it, with most of the accounts being active round-the-clock. The network has tweeted 123037 times thus far, with almost all of the volume in February and March 2020.
Read 4 tweets
28 Mar
Meet @coshdisme10853 (and its thirty thousand automated siblings). Back in 2015 and 2016, this account was tweeting in Spanish, but it went to sleep for a few years and recently woke up and started retweeting English cryptocurrency tweets. #SundaySpam

cc: @ZellaQuixote
The @coshdisme10853 account is part of a botnet consisting of 31014 accounts created back in May 2014. Accounts were created in batches and followed the big accounts they follow en masse. (Each bot follows 20-30 or so of the other bots in the network).
Who does this botnet follow? Primarily Spanish-language accounts (mostly Mexican public figures and brand accounts), with @Chertorivski, @MaruchanRamenMx and @MaruchanMx at the top of the list. (We believe that this is the first botnet we've found following a ramen company.)
Read 6 tweets
26 Mar
By reverse image searching a GAN-generated face pic (i.e. the "faces" produced by, one can often find Twitter accounts with GAN-generated profile pics. Today's search led to a massive botnet with a bit of everything. #ThursdayShenaniGANs

cc @ZellaQuixote
This botnet consists of 16512 accounts, created in batches between February 18th and March 21st, 2021. All either follow or are followed by dozens or hundreds of other members of the botnet (and by very few accounts that are not part of the botnet).
The bots in this network are grouped into clusters of a few hundred accounts each that follow or are followed by many other accounts within their cluster. The accounts mostly don't follow accounts in other clusters, but do reply to them.
Read 8 tweets
24 Mar
In the aftermath of the Boulder shooting, a variety of speculation about the attack made the rounds on Twitter. We categorized the tweets based on keywords used. The most common categories:

• apprehended + white
• Muslim, Syria(n), or ISIS
• Boebert

cc: @ZellaQuixote Image
The themes of the tweets changed over time. Tweets mentioning vaccines were common early on, but were quickly eclipsed by the apprehended+white and Boebert categories. The Muslim/Syria and Washington Post/anti-Trump categories took off after the shooter's name was released. Image
Retweet network for tweets prior to the announcement of the shooter's name containing "Boulder" or "Table Mesa" and one or more of the keywords we analyzed. It's almost all left-wing accounts, mostly focused on the apprehended+white and assault rifle ban/overturn categories. Image
Read 5 tweets
22 Mar
It's either the second day of spring or fall (depending on where you are), so here's a look at a botnet following the official Twitter account of right wing think tank @Heritage Foundation. #SundaySpam

cc: @ZellaQuixote
This botnet consists of 28971 accounts, created Nov 2013 - Jan 2014. All their tweets were sent via "Twitter Web Client", and none has tweeted since 2014. None has liked a tweet, and all have the same display name as @-name (including lack of space between first and last name).
Who does this botnet follow? The majority of the beneficiaries of its bogus follows are the official accounts of businesses (including some fairly large companies such as @Citibank and @WhiteCastle). The @Heritage Foundation (followed by 2845 of the bots) is a notable outlier.
Read 5 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!