




In a recent article, I pointed out a Russian Twitter account with about 60,000 bot followers that have English names and Russian profile descriptions. But that group of accounts is an infinitesimally small example of the Russian bots and what they look like.
While some of the fakes are created and then remain stagnant for a period, others are much more active—tweeting and following real accounts—which leads to their followers following those real accounts as well.
In short, these fake accounts act like a bot distribution network.




Notice that these accounts have numerous commonalities:
> Background photos visually similar (some duplicated) across accounts
> Young women (“models”) in the profile pictures
> Handle format
> Tweet numbers
> Tweet content
> Following/Follower numbers
> Heavily bot infested










By all outward appearances, these accounts seem harmless–beautiful women mostly tweeting stock photos of scenery, animals, flowers, and children.




But are these accounts harmless?
Once the bot hostess follows a real account, its followers then have a “mutual follower” with the real account. With mutual-follower status established, the door is open for their fake-follower payload to worm its way into the real accounts.
In this sample of the bot hostess followers, notice the variety of countries, many obvious fake accounts, and other bot hostesses.






The network contains far too many of these accounts to get an accurate total. It is clear, however, that Russia has been creating the bot hostesses for many years. And they are still creating them.
The New Generation of Russian Bot Hostesses
Here are some of the more recent bot hostesses. Notice that the tweets now include short sentences.




The Accounts Over Time
While Twitter has finally suspended some of these accounts, I tracked a portion of the large network for more than a year. A few notable observations:
1 – As simple “shells,” the bot hostess accounts sometimes change profile pictures to a completely different person. Note that the handle is the same on this account.


2 – The bot hostess timelines largely (though not exclusively) consist of follow-back party tweets and retweets.






3 – The Russian bot hostesses are also being promoted by other countries’ follow-back accounts—including American/English follow-back accounts, like this one.

4 – Here, the English follow-back account recommends several accounts to follow. The highlighted account is the Russian bot hostess from above that changed its profile picture.

5 – Intermixed with the follow-back party tweets and retweets, the bot-hostess timelines include marketing tweets.




While we know that Russia isn’t the only nefarious actor using bots, cyborgs and trolls in a cyber-war against us, we also know that Russia:
> Continues a cyber-war that they started against the United States many years ago—and that they haven’t stopped.
> Has spent many millions of dollars developing and implementing their cyber-attack.
> Has gone so far as to send operatives to the United States to gather intelligence for the cyber-attack.
Knowing all of this, it is concerning that Twitter has allowed Russia to create so many (obviously) fake accounts on its platform.
Points to Ponder
The fact that so much time, money, and energy is put into developing and running these types of accounts makes me wonder:
> Why would someone continuously create so many seemingly innocent accounts?
> What is the purpose of spreading these accounts into real accounts?
> These appear to fall under Twitter’s definition of “daily active users.” If so, is Twitter profiting from such accounts?
> Who benefits from the marketing tweets coming from these accounts?
Whatever end-goal these Russian bot hostesses serve, we can be certain of two things:
1 – They are immensely effective at spreading across the platform. They can be found in all types of accounts spanning the globe, including (but not limited to) the UK, India, Israel, Turkey, and the USA.
2 – Twitter’s algorithms haven’t flagged most of these accounts, so they’ve been allowed to spread.
Given the national security implications of the many millions of fake accounts on its platform and the evidence we have that Russia is in an active cyber-war against us (and many other countries), it is striking that Twitter has allowed accounts like the Russian bot hostesses to linger. Self-regulation, it seems, is not Twitter’s strong suit.
For more information on how to spot bots, see our Bot Tutorial.
Written by Virginia Murr

