Académique Documents
Professionnel Documents
Culture Documents
Muhammad Saad
James Kirk
I.
I NTRODUCTION
Fig. 1
A. SECTION 1
Fake twitter followers has become a popular industry now.
While the normal way of inflating the followers count is
tiresome and demanding, a user can easily purchase them
online. Fake followers are now available even at $ 1. Sifting
through such services, we noticed two most common trends.
Some websites provide organic bulk followers while others
offer inorganic daily followers. For example, sites like buycheapfollowersfast.com offer real followers for different
prices while sites like buyrealmarketing.com offer daily
followers, followers from USA, retweets and favorites. The
phenomenon of organic followers is known to the world. These
sites create a pool of accounts and upon subscription, direct the
pool towards the target account. However we found this new
trend of daily followers to be intriguing. Our assumption to
begin with was the underlying vulnerabilities in twitter that
contemplated daily creation of bulk users. We traced those
weaknesses, tested our assumptions against our findings and
finally automated the behavior to simulate how this industry
works. Signing up for twitter is an easy and straightforward
process. A user enters the name, types in an email ID or
phone number, selects a password, verifies phone number, sifts
through the rest of the pages and finally signs up. Twitter sends
a verification for the email ID and the user later verifies the
that and everything is up and running. As easy as it sounds, it
also flags some key security flaws in the signing up process. If
a legitimate user who has already signed up for twitter using
email legit@gmail.com then twitter will not allow another
account to be set up over this email ID. However this can easily
be circumvented by addition of a . or a + sign anywhere
before the @ character. So if legit@gmail.com is changed
by addition of a . and transformed to le.git@gmail.com,
then twitter will allow an account to be set up on this email.
However the verification link will be sent to the original
legit@gmail.com. Another way of signing up is using a ghost
email ID. One that does not exist e.g thisemailcannotpossibilyexist11987462728626@gmail.com. Twitter will inform the
user that a verification email has been sent, even though that
email ID does not even exist. And the malicious user can create
Fig. 2
Fig. 3
Fig. 6
Fig. 4
Fig. 5
Sets
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
B. SECTION 2
Intersections
0
0
1
4
10
20
35
56
84
120
165
220
286
364
455
560
680
816
969
1140
1330
1540
PseudoCode
sets = 21
adder = 0
array = [empty]
fnlc nt = 0
loop = 0
for loop sets:
adder = adder + loop
count.push(adder)
end
secondl oop
for secondl oop < count.length :
fnlc nt = f nlc nt + f nlc nt[secondl oop]
output fnlc nt
From the code we drove the following equation that
follows the progression of intersections as the set count
increases. Table below shows the number of accounts and
possible intersections of all those accounts
5)
6)
7)
C. SECTION 3
Next we explored the similarities in the followers count
of selected 21 accounts. If they were being automatically
provided followers by services, then there was to be a pattern
in the follower gain and also in the accounts created. This is
correlated to the work mentioned in the previous section and
also in the coming segment where we propose strategies of
catching fake followers. This is to be kept in notice that our
cluster of 21 accounts, no account has less that 1.5 million
followers. If we crawl the follower count of a target account
after 15 minutes for a day. And then for next consecutive 5
days, we should safely assume following observation about the
account based upon normal human behavior
1)
2)
3)
4)
C ONCLUSION