Jane Austen Twitter Bots

Unhackthevote June 8, 2018

Share:

Yes, we are talking about the Jane Austen the author. As we discovered, a group of Twitter bots regularly tweet phrases from Jane Austen literature. Thus, we’ve named this bot group the “Jane Austen Twitter Bots.” But these accounts aren’t as harmless as they sound.

A few days ago, we noticed an interesting response in the comments on a thread. A tattooed woman tweeted “points of blood and.” Points of blood and?

We looked at Tara Charlson’s account and noticed a few interesting things.

> Her account description makes about as much sense as her tweets.

> Although the account has been active since 2014, she only has 18 followers.

> She prefers the “barely there” look when it comes to clothing.

> Her Twitter handle, @luisman81849303, ends in eight digits and has no resemblance to the username.

> The link in her description is unusual looking. Twichick.info? Never heard of that.

Other Oddities

Going back further in her timeline, we noticed she was tweeting in Portuguese in 2014. Then, for over four years, there were no tweets until very recently. This is a hallmark of a re-purposed account, which are sometimes hacked and sold on the black market.

These accounts can look well-established because they look like they joined Twitter years ago. Since both the account name and the twitter handle itself can be changed, it can be difficult to track the origins of these accounts.

Here is a similar account. Compare the username (Emma Oliver) to the twitter handle (@hongpiao). Note that the account was created in 2012. Now, scroll back in the tweets.

What about that odd tweet we started with: “points of blood and”. Where did that come from? Let’s look at one of the more distinctive tweets. “Devonshire.–Edwardturned hastily towards her,”.

We did a Google search for that tweet and other similarly distinctive ones. Tara Charlson is quoting Jane Austen!

In just a few minutes, we uncovered dozens of related accounts with identical patterns. Here is a partial list:

@luisman81849303
@hongpiao
@KarinaRiehl1
@thahey1
@Jhoon_alan
@SwaggThiskid
@AzzaHoria
@Joseplenitude
@ChidoriMr
@erwanjheussaff
@CoolboyMahmud
@ljycts
@budakretax
@ChristinaTononi
@ashleycakes123
@EywaLeo
@bringhimhom

What’s the purpose of this botnet? Let’s have a look at the URLs used in these accounts’ profiles. For instance, twichick.info. Caution: it’s always a bad idea to click on links in questionable Twitter profiles. For this reason, we investigated this domain using the online tool VirusTotal.

The Jane Austen Twitter Bots have Infected URLs

And what did we find? A Russian server.

Looks like the Russian server is hosting all the domains of Tara Charlson and her sister pornbots.

This is why we never click on a link in a suspicious Twitter account. The server is hosting malware.

Once again, without too much effort, we have stumbled on a botnet. This time it’s a dangerous one. In fact, Twitter is already aware that these domains are malicious. Try tweeting or DMing “twichick.info”. Twitter will not allow you to.

If it’s easy for us to spot this, why can’t Twitter? Why is Twitter allowing accounts with malicious links in their profiles to remain active?

What should you do when you spot suspicious activity like this?

> Again, NEVER click on a link in a suspicious account’s timeline.

> Double-check your assessment. Does the account have multiple flags of a fake account?

> Once you are sure the account is a bot, block and report.

To learn to identify Twitter bots, see our Bot Tutorial.

Thanks to @GwendolynIRL for sending us some additional information.

Written by Unhackthevote