In addition to the eight accounts presently up for sale, we found two others with the same naming scheme: @cryptotover1111 and @cryptouover1111. All ten accounts were created in 2021 and have tweeted/retweeted a small amount of cryptocurrency content via Twitter for Android.
(BTW, buying/selling Twitter accounts is against TOS, and websites offering such services should be regarded as potentially unsafe and one should take precautions when visiting then, such as using Tor.)
Interestingly, @cryptoaover1111 and its nine similarly-named friends have a lot of the same followers. These appear to be a mix of legitimate cryptocurrency accounts, followback accounts, and various spam networks.
4022 of the accounts following one or more of the ten crypto*over1111 accounts are "followback" accounts - accounts that advertise in their profiles that they will follow any account back. This table shows some examples:
89 of the most recent followers of @cryptoaover1111 and its nine similarly-named friends are part of a much larger botnet whose members (so far) mostly follow one another. (The plagiarism mentioned in the graph title is explained further down the thread.)
This botnet consists of 6716 accounts created in batches between May and August 2021. Most have tweeted exactly once, although some have no tweets and a few have up to five. None has ever liked a tweet, and all follow hundreds or thousands of other members of the botnet.
This network has (allegedly) posted all of its tweets thus far with Twitter web products, both the current "Twitter Web App" and the "Twitter Web Client" that Twitter shut down a year before these accounts were created. Tweet content is in a mix of English and Chinese.
The accounts in this botnet use the same pool of repeated phrases for both tweet content and profile biographies. The phrases appear to be plagiarized from all over the internet, and are centered on no particular topic.
As with their tweet content and biographies, the profile images used by these bots are stolen. (A few have default pics rather than stolen ones.) TinEye and Google outperformed Yandex at tracking down previous uses of this set of images.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
It's New Year's Eve, and a bunch of politics enthusiasts with GAN-generated faces are enthusiastically replying to a variety of posts with similarly-worded replies. #NewYearShenaniGANs
cc: @ZellaQuixote
The politics enthusiasts are part of a spam network consisting of (at least) 575 accounts created between May and December 2023 with GAN-generated faces. Many of their handles, such as @Maairiuieinaaa and @eJooeiaAoneueer, contain long strings of vowels.
@Maairiuieinaaa @eJooeiaAoneueer All 575 of these accounts use StyleGAN-generated faces as profile images. Some of these, such as @MauMoiagaia's profile image, contain a tiny "StyleGAN 2 (Karras et al.)" watermark in the lower right corner.
It's a great day to look at a network of inauthentic accounts that post identical AI art images (with a side of good old fashioned T-shirt spam).
cc: @ZellaQuixote
This network consists of 24 X accounts. 12 of these accounts were created in the latter half of 2023 and have female avatars, while the other 12 were created in 2013 or earlier and have male avatars.
The 12 accounts with female avatars and 2023 creation dates regularly post AI-generated art images, and these image posts are quickly reposted by other accounts in the network (both female and male). The AI-generated images are often duplicated across accounts.
Meet @ImJamesMiller (permanent ID 1371651462153994242), an account with a GAN-generated face, 172K followers, and no tweets prior to two days ago. What's up with that?
cc: @ZellaQuixote
As it turns out, @ImJamesMiller wasn't always named @ImJamesMiller. In June, the account was named @/IamJimCaviezel in an apparent attempt to impersonate Sound of Freedom actor Jim Caviezel.
@ImJamesMiller Multiple prominent users appear to have accepted the fake Jim Caviezel account as legitimate, including Texas Congressman Brian Babin, right-wing influencer/ex-Game of Thrones blogger Jack Posobiec, and recently indicted ex-Assistant Attorney General Jeff Clark.
It's a great day to look at a network of Bluesky spam accounts with randomized names. #SundaySpam
cc: @ZellaQuixote
This spam network consists of (at least) 401 accounts, all of which were created (or added to the Bluesky app view) in August 2023. These accounts do not follow each other; rather, each one follows a small number of popular Bluesky accounts.
The accounts in this network cycle rhythmically between posting three types of content:
• reposts
• posts containing links to news articles
• posts containing links to news articles accompanied by images
Meet @thisisorange, a Twitter account created in February 2022 with a gold "verified organization" badge, thousands of batch-created fake followers, and a couple other interesting traits.
Verified organizations on Twitter can verify affiliated accounts (employees, teams, brand names, etc), which receive blue checkmarks as well as an organization badge (help.twitter.com/en/using-twitt…). The @thisisorange account has thousands of affiliates, mostly cryptocurrency accounts.
How did this come about? The website linked on @thisisorange's profile (orange dot associates) apparently allows one to become an affiliate simply by providing a Twitter account and a cryptocurrency wallet.