SybilGuard: defending against sybil attacks via social networks
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
WSDM '08 Proceedings of the 2008 International Conference on Web Search and Data Mining
@spam: the underground on 140 characters or less
Proceedings of the 17th ACM conference on Computer and communications security
Detecting and characterizing social spam campaigns
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
Detecting spammers on social networks
Proceedings of the 26th Annual Computer Security Applications Conference
Design and Evaluation of a Real-Time URL Spam Filtering Service
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
Measuring pay-per-install: the commoditization of malware distribution
SEC'11 Proceedings of the 20th USENIX conference on Security
Dirty jobs: the role of freelance labor in web service abuse
SEC'11 Proceedings of the 20th USENIX conference on Security
Suspended accounts in retrospect: an analysis of twitter spam
Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
Serf and turf: crowdturfing for fun and profit
Proceedings of the 21st international conference on World Wide Web
Trafficking fraudulent accounts: the role of the underground market in Twitter spam and abuse
SEC'13 Proceedings of the 22nd USENIX conference on Security
Hi-index | 0.00 |
As social networks emerge as an important tool for political engagement and dissent, services including Twitter and Facebook have become regular targets of censorship. In the past, nation states have exerted their control over Internet access to outright block connections to social media during times of political upheaval. Parties without such capabilities may however still desire to control political expression. A striking example of such manipulation recently occurred on Twitter when an unknown attacker leveraged 25,860 fraudulent accounts to send 440,793 tweets in an attempt to disrupt political conversations following the announcement of Russia's parliamentary election results. In this paper, we undertake an in-depth analysis of the infrastructure and accounts that facilitated the attack. We find that miscreants leveraged the spam-as-a-service market to acquire thousands of fraudulent accounts which they used in conjunction with compromised hosts located around the globe to flood out political messages. Our findings demonstrate how malicious parties can adapt the services and techniques traditionally used by spammers to other forms of attack, including censorship. Despite the complexity of the attack, we show how Twitter's relevance-based search helped mitigate the attack's impact on users searching for information regarding the Russian election.