1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

90K Twitter Botnet busted, and what you can learn from it

Discussion in 'BlackHat Lounge' started by RightFootFanatic, Jul 19, 2017.

  1. RightFootFanatic

    RightFootFanatic Regular Member

    Joined:
    May 31, 2015
    Messages:
    348
    Likes Received:
    194
    Occupation:
    DevOps
    Location:
    Whimsyshire
    • Thanks Thanks x 3
  2. MisterF

    MisterF Jr. VIP Jr. VIP

    Joined:
    Nov 29, 2009
    Messages:
    7,163
    Likes Received:
    5,640
    Occupation:
    Conference Organiser, Business Advisor.,
    Location:
    JADIP
    Home Page:
    I'll read these later over a coffee, thanks.
     
  3. HoNeYBiRD

    HoNeYBiRD Jr. VIP Jr. VIP

    Joined:
    May 1, 2009
    Messages:
    7,314
    Likes Received:
    8,281
    Gender:
    Male
    Occupation:
    Geographer, Tourism Manager
    Location:
    Ghosted
    They made a mistake leaving those footprints. The usernames were built around the same pattern, they used similar kind of profile pics and the tweets weren't random enough. Honestly this doesn't require a security firm to notice. Anyone who comes in contact with just two of these profiles, he/she can recognize the pattern. If the SIREN pays more attention to those things, there's a good chance that they wouldn't have been caught. They went to great length to cloak the urls, but they weren't able to write a properly spun message, which would result in millions of unique tweets?

    The cloaking part is five out of five stars, the rest (usernames, profile pics, tweets) looks like amateur hour to me.

    Free advertisement for DatingGold btw. :)
     
    • Thanks Thanks x 2
  4. vinku

    vinku Jr. VIP Jr. VIP

    Joined:
    Jan 22, 2008
    Messages:
    816
    Likes Received:
    1,427
    Gender:
    Male
    Occupation:
    Making Money With Android
    Location:
    Poland, Czech, India
    I am always crazy when I see these "security" companies naming patterns. "Siren", "WannaCry"...and other funny names.
    For me it's just farm of 90k fake twitter accounts. "Botnet"? :D lol
     
    • Thanks Thanks x 2
  5. Elin Dotsya

    Elin Dotsya Junior Member

    Joined:
    Jul 10, 2016
    Messages:
    190
    Likes Received:
    294
    How about: Don't bot. This is Black Hat World, not Hack Forums.
     
  6. kickthat

    kickthat Jr. VIP Jr. VIP

    Joined:
    Sep 18, 2014
    Messages:
    418
    Likes Received:
    507
    Gender:
    Male
    Location:
    UK
    Botting != hacking.
    There is nothing wrong with using software to automate tasks. It's particularly common to use software to gain follows/likes/follower etc from social media or to use it to automate posts.

    I fail to see your issue.
     
    • Thanks Thanks x 2
  7. RightFootFanatic

    RightFootFanatic Regular Member

    Joined:
    May 31, 2015
    Messages:
    348
    Likes Received:
    194
    Occupation:
    DevOps
    Location:
    Whimsyshire
  8. Elin Dotsya

    Elin Dotsya Junior Member

    Joined:
    Jul 10, 2016
    Messages:
    190
    Likes Received:
    294
    • Thanks Thanks x 2
  9. itz_styx

    itz_styx Jr. VIP Jr. VIP

    Joined:
    May 8, 2012
    Messages:
    560
    Likes Received:
    262
    Occupation:
    CEO / Admin / Developer
    Location:
    /dev/mem
    Home Page:
    krebs is such a media slut. typical for the security industry, make everything look more evil than it is, hype it and tell the users "but we are the good guys, we protect you, as long as you buy security products from us".
    80k twitter accounts used to spam arent a botnet. this is so stupid, whats next "gmail botnet, spammers create millions of accounts" ? :p
     
    • Thanks Thanks x 2
  10. davids355

    davids355 Jr. VIP Jr. VIP

    Joined:
    Apr 25, 2011
    Messages:
    10,199
    Likes Received:
    7,850
    Home Page:
    Interesting story but zerofox reporting that network to twitter, that is not so cool.

    I bet the owners of that botnet are going to be pissed!

    And at 30m clicks, how much rev were they generating, even at $0.05 cpc that would be worth $1.5million.
     
  11. HoNeYBiRD

    HoNeYBiRD Jr. VIP Jr. VIP

    Joined:
    May 1, 2009
    Messages:
    7,314
    Likes Received:
    8,281
    Gender:
    Male
    Occupation:
    Geographer, Tourism Manager
    Location:
    Ghosted
    Hard to tell, but $1.5M is a bit too optimistic i think. :)

    They were using DatingGold, i'm not a pub there, but if i were to send 30M targeted hits from Twitter to Chaturbate PPL (they were promoting dating and cams too), that would mean around 300k free registrations, around half of that would be tier 1 and because tier 2, tier 3 pays peanuts, the earnings would be around $150k. Revshare could be better with time, but it's hard to estimate.

    Everything depends on how well they were able to target tier 1 countries, which might not be that easy on Twitter, especially when you wrote your tweets with broken English. lol
     
    • Thanks Thanks x 1
  12. davids355

    davids355 Jr. VIP Jr. VIP

    Joined:
    Apr 25, 2011
    Messages:
    10,199
    Likes Received:
    7,850
    Home Page:
    Good explanation thanks. I just googled "average cpc adult niche" :)

    Oh well $150k or $1.5m if someone I didnt even know deliberately got all my accounts banned and I lost that income I would be pretty pissed off!! But I guess its their fault for having such a big footprint. Next network they build will be a lot less obvious hopefully.
     
  13. laur.laurix

    laur.laurix Power Member

    Joined:
    May 8, 2013
    Messages:
    703
    Likes Received:
    262
    Occupation:
    Reverse Engineering Maniac
    Location:
    Mars
    white knights fags.....mind ur god damn business and let twitter trim the spam in their yard....btw the network was put down with the help of an inside tip.
     
  14. HoNeYBiRD

    HoNeYBiRD Jr. VIP Jr. VIP

    Joined:
    May 1, 2009
    Messages:
    7,314
    Likes Received:
    8,281
    Gender:
    Male
    Occupation:
    Geographer, Tourism Manager
    Location:
    Ghosted
    Well, the good thing if you do revshare, that you don't lose the old registrations, so it will still generate a nice sum per month, unless someone pursues your network to close your account. :) It's just that you don't increase your earnings, if there are no new registrations, the earnings becomes somewhat steady at least for a good while.
     
  15. davids355

    davids355 Jr. VIP Jr. VIP

    Joined:
    Apr 25, 2011
    Messages:
    10,199
    Likes Received:
    7,850
    Home Page:
    Ah right ok. So that $150k is actually worth quite a bit more than if its a continuous income.
     
    • Thanks Thanks x 1
  16. RightFootFanatic

    RightFootFanatic Regular Member

    Joined:
    May 31, 2015
    Messages:
    348
    Likes Received:
    194
    Occupation:
    DevOps
    Location:
    Whimsyshire
    Even if it were a one time payment it's still a lot of bucks, you could do something great with
     
  17. aidenhera

    aidenhera Elite Member

    Joined:
    Nov 30, 2016
    Messages:
    1,866
    Likes Received:
    403
    Gender:
    Male
    thats not a botnet. botnet is when you have illegall access to many computers through internet.


    ohh btw that 90k twitter botnet would be sick for indexing things
     
    • Thanks Thanks x 1