New EPFL research focused on Turkey, from the Distributed Information Systems Laboratory, part of the School of Computer and Communication Sciences, has discovered a vulnerability in the algorithm that decides Twitter Trending Topics: it doesn’t take deletions into account. This enables attackers to popularize the trends they want on Twitter even though they delete the tweets containing the candidate trend shortly afterwards.
‘We found that attackers employ both fake and compromised accounts, which are the accounts of regular people with stolen credentials, or who installed a malicious app on their phones. Generally, they are not aware that their account is being used as a bot to manipulate trending topics. Sometimes they are but don’t know what to do about it and in both cases, they keep using Twitter,’ said Tuğrulcan Elmas, co-author of the research, which was accepted by the IEEE European Symposium of Security and Privacy 2021.
‘We found that 47% of local trends in Turkey and 20% of global trends are fake, created from scratch by bots. Between June 2015 and September 2019, we uncovered 108,000 bot accounts involved—the biggest bot dataset reported in a single paper. Our research is the first to uncover the manipulation of Twitter Trends at this scale,’ Elmas said.
Some of the fake trends they discovered include gambling promotions, political slogans, phishing apps, disinformation campaigns, marriage proposals and hate speech against vulnerable populations.
‘This manipulation has serious implications because we know that Twitter Trends get attention. Broader media outlets report on trends, which are used as a proxy for what people are talking about, but unfortunately, it’s a manipulated proxy, distorting the public view of what conversations are actually going on,’ said Rebekah Overdorf, another co-author. ‘For example, one of the manipulated hashtags that we found that was pushed to Trends artificially was #SuriyelilerDefolsun translated to ‘Syrians, get out’ and this was then picked up by several news reports, other social media platforms and in academic papers. In reality, it was completely fabricated,’ continued Overdorf.
The researchers contacted Twitter, which acknowledged the vulnerability in its algorithm. The company declined to make any changes and did not respond to the researchers’ follow-up emails. ‘The problem has not been fixed and we still see obvious spam trends occurring. It’s clear that until the vulnerability in the algorithm is corrected, adversaries will continue to create fake trends with the same attack methodology,’ Elmas concluded.
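To illustrate the flaw described above, the following example is added here and is not taken from the researchers' paper or from Twitter's code. It compares a toy trend scorer that ignores deletions with a deletion-aware one and a simple deleted-ratio check. The scoring model (distinct posting accounts per hashtag in a time window), the event data, the thresholds and all function names are assumptions constructed for the example.

```python
from collections import defaultdict

def build_sample_events():
    """Constructed events: (seconds, account, action, hashtag)."""
    events = []
    for i in range(6):   # six accounts post a tag, then delete it within ~30 s
        events.append((i, f"bot{i}", "post", "#pushed"))
        events.append((30 + i, f"bot{i}", "delete", "#pushed"))
    for i in range(4):   # four accounts post a tag and leave it up
        events.append((10 * i, f"user{i}", "post", "#organic"))
    return sorted(events)

def trend_stats(events, now, window=3600):
    """Per-hashtag counts for the window ending at `now` (toy model)."""
    posted = defaultdict(set)    # hashtag -> accounts that posted it
    deleted = defaultdict(set)   # hashtag -> accounts that later deleted it
    for ts, account, action, tag in events:
        if not (now - window <= ts <= now):
            continue
        if action == "post":
            posted[tag].add(account)
        elif action == "delete" and account in posted.get(tag, ()):
            deleted[tag].add(account)
    stats = {}
    for tag, accounts in posted.items():
        naive = len(accounts)                  # deletions ignored
        live = len(accounts - deleted[tag])    # deletions subtracted
        stats[tag] = {"naive": naive, "live": live,
                      "deleted_ratio": (naive - live) / naive}
    return stats

def rank(stats, key):
    """Hashtags ordered by the chosen score, highest first."""
    return sorted(stats, key=lambda t: (-stats[t][key], t))

def suspicious(stats, min_posts=5, ratio=0.8):
    """Tags whose volume is mostly made of posts deleted inside the window."""
    return [t for t, s in stats.items()
            if s["naive"] >= min_posts and s["deleted_ratio"] >= ratio]

if __name__ == "__main__":
    s = trend_stats(build_sample_events(), now=60)
    print("deletion-blind ranking:", rank(s, "naive"))
    print("deletion-aware ranking:", rank(s, "live"))
    print("flagged for review:    ", suspicious(s))
```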
By Marvellous Iwendi.
Source: EPFL News