Duo Security researchers identify crypto-pushing botnet on Twitter, share findings to fight fake accounts

As Duo Security sought to create a way to identify fake accounts on Twitter, the identity-focused security provider ultimately discovered a massive botnet comprised of more than 15,000 accounts attempting to scam users on the social networking service.

Researchers at Duo spoke with TechCrunch about their findings, which came about as the company attempted to improve the methodology for identifying bots on social networks. Duo is open sourcing all of the methods and tools it used to discover bots on Twitter, in hopes that it will help to stop the spread of bots online.

Through its efforts, Duo said its crosschecks of verifiable Twitter account types — including bots — achieved about 98 percent accuracy.

The botnet — which is still active on Twitter, despite Duo reporting it to the service — attempts to dupe users by impersonating legitimate accounts. The bots then post links claiming to be giving away cryptocurrencies, but seek personal information to scam users.

By mapping out the connections of bots, Duo was able to find clear structures that were unique to different botnets. This allowed the company to demonstrate how bot owners change tactics and evade detection.

The findings from Duo will be formally presented this Wednesday at the Black Hat security conference in Las Vegas, in a session entitled “Don’t @ Me: Hunting Twitter Bots at Scale.”

Last week, Cisco announced it will acquire Duo Security for $2.35 billion, in a move that will help the networking company grow its presence in cloud computing and IoT. Duo Security Advisory CISO – Federal Sean Frazer spoke at OWI’s KNOW 2018 conference in Washington D.C., and the company’s head of product design, Sally Carson, was named one of OWI’s Top 100 Influencers in Identity. Duo was also featured in OWI’s IAM whitepaper.

OWI Insight: OWI itself has been the victim of these specific types of botnet attacks — for months, we were plagued with fake Twitter accounts attempting to trick users into clicking links. The bots operated by imitating the official OWI account and pushing cryptocurrency scams. The discovery by Duo Security, then, is not surprising — and nor is the lack of action from Twitter. Despite reporting dozens upon dozens of fake accounts as they were created, the problem persisted and the bots continued to spread, with no way to directly communicate with Twitter about the problem. The findings by Duo make it clear that social networks have a long way to go in identifying and stopping botnet scams and digital identity theft.