Researchers discover hundreds of thousands of unsuspected, Star Wars-themed twitterbots hiding in plain sight

Twitter is a great place for bots. Botherders like Shardcore produce amazing, politics, artistic bots that mine Twitter, inject useful information into Twitter, or just frolic on Twitter, making it a better place. Twitterbots produce entries in imaginary grimoires, conduct sociological research, produce virtual model railroads, alert the public when governments try to make bad news disappear, and much, much more.



But there's another kind of Twitterbot: some mysteriously RT people, others create hoax terrorism scares, harass dissidents, and, of course, follow people for money in huge hordes, creating the appearance of legitimacy. Bots also game the trending topics algorithm, flood the Twitter API with junk messages, and are used for "opinion management" to create the appearance of large numbers of individuals united behind some cause or point of view.

Twitter does what it can to snuff out these bad bots, and researchers avidly study both the bots and the anti-bot measures for insight into information security and propaganda. Juan Echeverria, a grad student in computer science at University College London, is one such researcher, and he has discovered a remarkable, previously unsuspected herd of bots, with 350,000 confirmed so far. They also promise a forthcoming report on another, even larger botnet with 500,000 members (!).

Echeverria and his collaborator, Shi Zhou, have published their findings in a working paper on Arxiv, where they detail the "Star Wars botnet" of 350,000 Twitter accounts that do little besides tweet quotes from Star Wars novels with seemingly random words turned into hashtags.


The Star Wars botnet is significant in part because it is so very large -- botnets of this size were believed to have been detected and deleted by Twitter long ago, early in the arms race between malicious botherders and Twitter ops. The existence of another, even larger botnet with 500,000 members suggests that the arms-race is being won by the bots, and that those who believed Twitter had its bot problems under control were living in a fool's paradise.


It is known there are millions of bots on Twitter. But the Star Wars botnet is perhaps
the first evidence that a single botnet can be as large as such. It is shocking that a
botmaster was determined to create so many bots, and the botnet has been well hidden
for three years.

It is irresponsible to assume that the botmaster does not have any cynical or malign
purpose. In fact, the best we can hope for is that the botnet was created purely for
commercial gains. It is known [27] that pre-aged bots could be sold at a premium on
the black market . This means the Star Wars bots are perfectly suited to be sold as fake
followers because they are already three years old and therefore more ‘valuable’. Indeed,
we have observed that up to 15k Star Wars bots have been following a small number of
Twitter users outside the botnet. The only plausible explanation is that these bots have
already been sold as fake followers.

But, what if the botmaster wants more? What if someone offers a good price for
purchasing the control of the whole botnet? The cybersecurity community must
appreciate and assess the potential threats of such event, so that proper remedial
procedures can be developed.

The ‘Star Wars’ botnet with >350k Twitter bots [Juan Echeverria1 and Shi Zhou/Arxiv]