The Prof Says “Go Get Crypto”: … The Rise of the Intelligent Bot Hackers

Forget Facebook … Get Ready for the Real Fake News
Photo by Markus Winkler on Unsplash

The Prof Says “Go Get Crypto”: … The Rise of the Intelligent Bot Hackers

Forget Facebook … Get Ready for the Real Fake News

It has now been revealed that, over the past few months, there has been a massive botnet of over 15,000 strong. This botnet has been scraping social media and cloning IDs. The new feature is that the “bots” use machine learning to understand how best to target users, and have then evolved their operation so that they evade detected.

The researchers found traces of more than 88 million fake Twitter accounts over a period from May 2018 to July 2018. These bots detect those who post the most relevant content and who are influential in the space of cryptocurrencies, and copy parts of their name and profile pictures. They then tweet around a cryptocurrency give-away. Quickly, too, they gather what seemed to be real followers, and have a profile which has likes.

The researchers who detected the botnet outlines:

“[Searching for connected bots] resulted in a 3 tiered botnet structure consisting of the scam publishing bots, the hub accounts (if any) the bots were following, and the amplification bots that like each created tweet. The mapping shows that the amplification bots like tweets from both clusters, binding them together.”

As far as I can tell here is how it operated:

My ID cloning

So, a few months ago I was surfing Twitter, and found that I was promoting cryptocurrencies:

https://twitter.com/PfBBuhnnOB11

I had a double take on this, and I thought I must have tweeted it, without even looking. But it was a scam created by the fake crypto bots, and a where bot had detecting my influence and interest in cryptocurrencies, and then scraped my ID, and used it.

In the Tweet, you will see that they had detected me tweeting, and then created a fake ID (PfBBuhnnOB11), which is some of the letters from from my Twitter name (and not my Twitter handle):

Prof B Buchanan OBE → Prof B Buchanan OBE → PfBBuhnnOB11

And so I investigated a bit more, and found that the bot had captured a low-res picture of me, and then tweeted, and soon had lots of followers:

Here is one of the fake accounts: https://twitter.com/mariaja96140002

Notice the poor quality image on the Twitter account, and that it managed to gain 48 follows, but had just tweeted seven times (but had already likely 11 things). You will see that the followers eventually have no picture, and are those who have just joined.

The bot captures a tweet, and creates a new account with the same photo, and the posts on the back of it (and gathers likes):

If we analyse one of the fake accounts — which has been active since May 2018 — there seems to be a Dutch influence people that the bot follows [here]:

The rise of the bots

We see fake news all over the Internet, and on many pages there are more fake items than real news. So, I love watching Dragon’s Den, and when I saw this I was shocked that the programme had been cancelled:

What I should have noticed was it was “Easy Recipes” who were tweeting this, but I clicked on the posting. Here is what I found [Link][Link]:

But the more you read, the more find out that you have been conned and it is fake news — Clickbait! I was an article on two crypto currency entrepreneurs who received amazing feedback from each of the Dragon’s Den team. I scratched my head for a short time, as I hadn’t seen this episode, but soon realised it was completely fake.

Even Deborah Meaden has noticed the fake news:

Her quote defines that “This thing is legit”:

In the end you end up at a site which shows Bill Gates, Richard Branson, and the Eric Schmidt telling the world that Bitcoin is great (notice the UK flag):

The site that hosted it has been taken down, but it is all over the Internet:

and:

The quotes include:

Deborah Meaden was the courageous dragon who wanted to make the required minimum invested. She instantly transferred 250 pounds to her Bitcoin Trader account and waited for the software to do its magic. Everyone was stunned after the first 5 minutes when they saw Deborah earning 73 pounds without doing anything. She didn’t have any bitcoin trading experience and she didn’t follow any particular strategy to earn those money.

and:

First, Peter Jones offered 2 million pounds for 25% of the business. Touker Suleyman wanted to become part of this project and he offered 2.4 million pounds for 25% of the company. In the end, after intense discussions, Peter Jones was the winner, offering 2.5 million pounds for 20% of the company.

If fact, there are a whole lot of fake pages around the stories, and which trick you into thinking you are on a real site:

I should have spotted that the original tweet had come from a food site. How can it be possible that someone has created a page such as this, with real photos and quotes from the stars?

There are some tricks going on, on the Internet, where users are tricked into reading things, and where eventually the made-up stories become trusted. So, I live in Juniper Green, Edinburgh, and this review popped up on Twitter, so I dived in and had a quick look [here]:

While I was happy at the free wi-fi, I was a bit shocked at £130 for a bottle of Dom Perigon 2000:

But there’s a sneaky thing going on at the news items at the bottom of the page and where we see articles with local connections. So, you’ll see “Edinburgh Mum’s Trick Removes Eye-Bags” and “Edinburgh Mum Sheds 1.4 stones”:

When you go to the site, you find that it is a pretty generic page, which has tricked you into thinking that there is some local interest:

The strategy is thus to seed the Internet with stories, over many different media channels, and this increases their impact by customising them for whichever region you are in. The V for veracity has thus been because people are reading the article.

If you search over the Internet, you find lots of similar stories:

But the strangest of all the links is the YouTube video for the story, which is basically just a cityscape (or maybe there’s a hidden skinny pill in there):

At the root of this “spoofing” advertisements is a company named Revcontent:

And if you click on their link you get:

And if you follow-up on their so-called “privacy” policy, you can see they basically use everything they can to track you … cookies, web beacons, web storage, unique device identifiers …

and then they say that they can pass this onto they want now and in the future:

For them the “magic” happens with a smart piece of JavaScript code:

and where the http://trends.revcontent.com/serve.js.php feeds you customised advertisements based on your location. It does this by dropping a cookie onto your machine, and then traces you across all the sites that you visit, and also across your devices. It thus passes a w variable (giving the ID of the site), along with the date and the width of your browser.

Revcontent, too, seem to think they are changing the world and have pictures of Steve Jobs and Martin Luther King on their main Web page:

and:

Conclusions

The Internet model of running code only from the site that you are accessing is now gone, and the cross-fertilisation of activity is growing. Basically … trust on the Internet is BROKEN!

Basically … you are being tricked into clicking on a link, which often has very little real substance. You are being spied upon, and it’s not by the CIA or FBI, it is by Google and invisible advertising spies, who customise your pages for you … because they think you want them.

For the crypto Bot network, we must worry how well the agents are targeting trusted IDs, and then cloning their ID, and then building up a credibility around the new ID. It is almost like a human is behind each clone, but the scale is massive, so they only have to be success for 1 in a million, and they win!