1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

90K Twitter Botnet busted, and what you can learn from it

Discussion in 'BlackHat Lounge' started by RightFootFanatic, Jul 19, 2017.

  1. RightFootFanatic

    RightFootFanatic Regular Member

    Joined:
    May 31, 2015
    Messages:
    391
    Likes Received:
    217
    Occupation:
    DevOps
    Location:
    Whimsyshire
    • Thanks Thanks x 3
  2. MisterF

    MisterF Jr. VIP Jr. VIP

    Joined:
    Nov 29, 2009
    Messages:
    8,110
    Likes Received:
    6,774
    Occupation:
    Conference Organiser, Business Advisor.,
    Location:
    JADIP
    Home Page:
    I'll read these later over a coffee, thanks.
     
  3. HoNeYBiRD

    HoNeYBiRD Jr. VIP Jr. VIP

    Joined:
    May 1, 2009
    Messages:
    7,614
    Likes Received:
    8,501
    Gender:
    Male
    Occupation:
    Geographer, Tourism Manager
    Location:
    Ghosted
    They made a mistake leaving those footprints. The usernames were built around the same pattern, they used similar kind of profile pics and the tweets weren't random enough. Honestly this doesn't require a security firm to notice. Anyone who comes in contact with just two of these profiles, he/she can recognize the pattern. If the SIREN pays more attention to those things, there's a good chance that they wouldn't have been caught. They went to great length to cloak the urls, but they weren't able to write a properly spun message, which would result in millions of unique tweets?

    The cloaking part is five out of five stars, the rest (usernames, profile pics, tweets) looks like amateur hour to me.

    Free advertisement for DatingGold btw. :)
     
    • Thanks Thanks x 2
  4. vinku

    vinku Jr. VIP Jr. VIP

    Joined:
    Jan 22, 2008
    Messages:
    924
    Likes Received:
    1,560
    Gender:
    Male
    Occupation:
    Making Money With Android
    Location:
    Poland
    Home Page:
    I am always crazy when I see these "security" companies naming patterns. "Siren", "WannaCry"...and other funny names.
    For me it's just farm of 90k fake twitter accounts. "Botnet"? :D lol
     
    • Thanks Thanks x 2
  5. Elin Dotsya

    Elin Dotsya Junior Member

    Joined:
    Jul 10, 2016
    Messages:
    190
    Likes Received:
    294
    How about: Don't bot. This is Black Hat World, not Hack Forums.
     
  6. kickthat

    kickthat Jr. VIP Jr. VIP

    Joined:
    Sep 18, 2014
    Messages:
    483
    Likes Received:
    621
    Gender:
    Male
    Location:
    UK
    Botting != hacking.
    There is nothing wrong with using software to automate tasks. It's particularly common to use software to gain follows/likes/follower etc from social media or to use it to automate posts.

    I fail to see your issue.
     
    • Thanks Thanks x 2
  7. RightFootFanatic

    RightFootFanatic Regular Member

    Joined:
    May 31, 2015
    Messages:
    391
    Likes Received:
    217
    Occupation:
    DevOps
    Location:
    Whimsyshire
  8. Elin Dotsya

    Elin Dotsya Junior Member

    Joined:
    Jul 10, 2016
    Messages:
    190
    Likes Received:
    294
    • Thanks Thanks x 2
  9. itz_styx

    itz_styx Power Member

    Joined:
    May 8, 2012
    Messages:
    674
    Likes Received:
    343
    Occupation:
    CEO / Admin / Developer
    Location:
    /dev/mem
    Home Page:
    krebs is such a media slut. typical for the security industry, make everything look more evil than it is, hype it and tell the users "but we are the good guys, we protect you, as long as you buy security products from us".
    80k twitter accounts used to spam arent a botnet. this is so stupid, whats next "gmail botnet, spammers create millions of accounts" ? :p
     
    • Thanks Thanks x 2
  10. davids355

    davids355 Moderator-In-Training Jr. VIP

    Joined:
    Apr 25, 2011
    Messages:
    10,698
    Likes Received:
    8,448
    Interesting story but zerofox reporting that network to twitter, that is not so cool.

    I bet the owners of that botnet are going to be pissed!

    And at 30m clicks, how much rev were they generating, even at $0.05 cpc that would be worth $1.5million.
     
  11. HoNeYBiRD

    HoNeYBiRD Jr. VIP Jr. VIP

    Joined:
    May 1, 2009
    Messages:
    7,614
    Likes Received:
    8,501
    Gender:
    Male
    Occupation:
    Geographer, Tourism Manager
    Location:
    Ghosted
    Hard to tell, but $1.5M is a bit too optimistic i think. :)

    They were using DatingGold, i'm not a pub there, but if i were to send 30M targeted hits from Twitter to Chaturbate PPL (they were promoting dating and cams too), that would mean around 300k free registrations, around half of that would be tier 1 and because tier 2, tier 3 pays peanuts, the earnings would be around $150k. Revshare could be better with time, but it's hard to estimate.

    Everything depends on how well they were able to target tier 1 countries, which might not be that easy on Twitter, especially when you wrote your tweets with broken English. lol
     
    • Thanks Thanks x 1
  12. davids355

    davids355 Moderator-In-Training Jr. VIP

    Joined:
    Apr 25, 2011
    Messages:
    10,698
    Likes Received:
    8,448
    Good explanation thanks. I just googled "average cpc adult niche" :)

    Oh well $150k or $1.5m if someone I didnt even know deliberately got all my accounts banned and I lost that income I would be pretty pissed off!! But I guess its their fault for having such a big footprint. Next network they build will be a lot less obvious hopefully.
     
  13. laur.laurix

    laur.laurix Power Member

    Joined:
    May 8, 2013
    Messages:
    760
    Likes Received:
    290
    Occupation:
    Reverse Engineering Maniac
    Location:
    Mars
    white knights fags.....mind ur god damn business and let twitter trim the spam in their yard....btw the network was put down with the help of an inside tip.
     
  14. HoNeYBiRD

    HoNeYBiRD Jr. VIP Jr. VIP

    Joined:
    May 1, 2009
    Messages:
    7,614
    Likes Received:
    8,501
    Gender:
    Male
    Occupation:
    Geographer, Tourism Manager
    Location:
    Ghosted
    Well, the good thing if you do revshare, that you don't lose the old registrations, so it will still generate a nice sum per month, unless someone pursues your network to close your account. :) It's just that you don't increase your earnings, if there are no new registrations, the earnings becomes somewhat steady at least for a good while.
     
  15. davids355

    davids355 Moderator-In-Training Jr. VIP

    Joined:
    Apr 25, 2011
    Messages:
    10,698
    Likes Received:
    8,448
    Ah right ok. So that $150k is actually worth quite a bit more than if its a continuous income.
     
    • Thanks Thanks x 1
  16. RightFootFanatic

    RightFootFanatic Regular Member

    Joined:
    May 31, 2015
    Messages:
    391
    Likes Received:
    217
    Occupation:
    DevOps
    Location:
    Whimsyshire
    Even if it were a one time payment it's still a lot of bucks, you could do something great with
     
  17. aidenhera

    aidenhera Elite Member

    Joined:
    Nov 30, 2016
    Messages:
    2,179
    Likes Received:
    501
    Gender:
    Male
    thats not a botnet. botnet is when you have illegall access to many computers through internet.


    ohh btw that 90k twitter botnet would be sick for indexing things
     
    • Thanks Thanks x 1
  18. Mileslong198

    Mileslong198 Newbie

    Joined:
    May 29, 2017
    Messages:
    2
    Likes Received:
    0
    Gender:
    Male
    Occupation:
    Prestidigitator
    Location:
    New York City
    Brian Krebs help ruin the dump game ...I hate him!
     
  19. Amoxicillin

    Amoxicillin Newbie

    Joined:
    Nov 23, 2016
    Messages:
    19
    Likes Received:
    6
    Gender:
    Male
    90K is a lot of accounts? Shit, these guys must have been in diapers during the heyday of Myspace spam...
     
  20. MonzterSlayer

    MonzterSlayer Newbie

    Joined:
    Oct 4, 2017
    Messages:
    27
    Likes Received:
    6
    Gender:
    Male
    I’m so confused by the thread title using the word “Busted.”

    I’m no security genius like the author of the first article made it seem, but I’ve come in contact with bots like this on Twitter, Facebook, Snapchat, and most likely any other form of social media I’ve had in the past.

    What makes this actually matter? They put the pattern together that I feel most knew was a bot originally and with enough of the same messages (literally 2-3) could have said the same thing but much simpler.

    Couldn’t this just be referenced to as a marketing bot for porn sites rather than being described as “evil?” That is of course if they didn’t do anything malicious which in the first article I believe they stated the links weren’t malicious, but could easily be changed maliciously.