There’s a vast army of bots on Twitter, and they are on the move. Credit: REUTERS/Fabrizio Bensch You may have run into these bots a few times. What looks like an actual human being could have been a bot sending you Twitter spam…or even worse.During the last election cycle and over the past few months in particular, it’s now widely known that Twitter bots — many with zero followers — promoted fake news stories. Often, the goal was to stir up dissension among voters, influence political viewpoints, and (more importantly) generate revenue when people viewed banner ads. Some would argue these bots helped elect President Trump or at least influenced people on social media to vote one way or another.Yet, these same bot armies can do more damage than you might realize.One of the most nefarious examples is when Twitter bots are used to inflate traffic to a website, a problem that impacts both the site owner and the advertisers. In other cases, Twitter bots act like trolls that viciously attack other users, often posting hate speech, racial slurs, and volatile comments as a way to marginalize a certain viewpoint or people group. Now, security analysts are starting to think about how to quell the onslaught.Assessing the damageThe first step, as always, is to assess the damage the bots can cause and the seriousness of the problem. Phillip Hallam-Baker, a vice president and principal scientist at Comodo, says there’s a big difference between what analysts know about Twitter bots and what they suspect. For example, it’s easy to identify one bot — there are no followers, and the tweets all look like spam. It’s harder to know who is behind the bots, how they all work together, and if there are legions of human operators directing them.One example Hallam-Baker cited is when Bernie Sanders supporters seemed to compare Hillary Clinton to Donald Trump repeatedly. After the election, he says, that chatter suddenly died out — a sign that bots were involved.Another technique involves setting up false accounts that banter back and forth. This creates a stir because it looks like multiple users are all debating an important topic.“We know that Russia has large operations in which people are paid to troll various chat rooms for various purposes from accounts of people who worked there,” says Hallam-Baker.“They will do things like working in pairs pretending to have a conversation [on Twitter]. This allows them to put forward the worst arguments for a policy so they can be easily refuted.”Dennis Egen, the founder of security-focused web-dev firm Engine Room, tells CSO that Twitter bots are also used to attack corporations. They often go after a specific brand, which is what happened recently when Coca-Cola started tweeting portions of Mein Kampf. In fact, Egen says this type of attack is much easier to pull off than a data breach, and perhaps less risky in terms of thwarting the attack. In the end, anarchy is the goal.Pradeep Atrey from the University at Albany and co-director of the Albany Lab for Privacy and Security tells CSO that identification is key, but not always so easy.“These bots are interconnected and if we understand how to break through their chain, we can stop them,” he says. “However, just like we are getting smarter in recognizing them, they’re also getting smarter at doing what they do. They will imitate a real user.”Atrey says Twitter bots can also be used to carry a payload — delivering malware, tricking users with phishing attacks, and tricking everyday users in the same way as spam. What to do about the problemHallam-Baker says the Twitter bot crisis is not something security analysts have addressed properly so far. Yet, the bots are winning — they are helping to create dissension, they do tend to inflate page views at websites, and they are spreading fake news all over the web. He says Twitter bots might warrant emergency meetings — similar to what happened in the early days of spam — to decide how to fight the attacks and work toward a solution.“I would use modern AI, which is nothing more than hyper sophisticated statistical analysis,” Hallam-Baker said. “I’d identify which approaches were most effective at driving the intended propaganda result. That data would then be used to direct human and machine based interactions and I would gather data from all those interactions to constantly improve results.”Egen takes an interesting view on counterattacks. Often, the only way to fight bots is with more bots. You can imagine how this might work. If an army of Twitter bots sends out propaganda material or attacks a brand, another competing army might respond and call them out.Yet, he says this is not rocket science. Some of the Twitter bots are easy to identify — they almost always follow thousands of people yet have no followers of their own. One simple tool, he says, is called Twitter Audit, which lets you find out how many of your followers are legitimate.Still, that’s a shot in the dark. Atrey says another issue is related to false positives — obviously, not all Twitter bots are dangerous. For now, it’s a rising problem. The question is how to contain the bots, predict their behavior, and develop a plan of action before they wreak more havoc.How do you deal with this crisis? Head to Facebook to let us know. Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe