The issue of crowdturfing has been a growing one over the past few years, and despite clear evidence that it is now a rapidly growing ‘industry’, there seems little sign that it’s slowing down or that social networks are getting to grips with it.
Some new research by UC Berkeley and the International Computer Science Institute (ICSI) underline the scale of the problem. Their research, compiled over a ten month period, saw them track nearly 30 companies selling crowdturfing services that were collectively responsible for several million fake accounts.
On the plus side, they believe that around 90% of the accounts created by these companies were zapped by Twitter during that time, but on the negative side, these companies had just 20% of the market share, so there were many more in this marketplace.
“Revenue generated by miscreants participating in this market varies widely based on business strategy, with spam affiliate programs generating $12$92 million and fake anti-virus scammers $5-116 million over the course of their operations,” the researchers note.
“Specialization within this ecosystem is the norm,” the paper goes on to explain, “The appearance of account merchants is yet another specialization where sellers enable other miscreants to penetrate walled garden services, while at the same time abstracting away the complexities of CAPTCHA solving, acquiring unique emails, and dodging IP blacklisting. These accounts can then be used for a multitude of activities…”
Most of the time the fake accounts are used to spam legitimate users, but increasingly criminals are utilising them for phishing and malware. In addition to spamming for commercial reasons however, the accounts are also increasingly being used for ideological purposes.
“Apart from for-profit activities, miscreants have also leveraged fraudulent accounts to launch attacks from within Twitter for the express purposes of censoring political speech. All of these examples serve to illustrate the deleterious effect that fraudulent accounts have on social networks and user safety,” the researchers wrote.
Which is an interesting trend given that Mitt Romney was widely believed to have bought fake followers during the last presidential election. Whilst it seemed at the time that most of that was more ego driven to inflate his follower numbers, it begs the question of how long before these fake networks are used to influence trends.
According to the paper, the average cost for a Twitter account is only $0.04. Facebook accounts vary, averaging between $0.45-1.50 per account if it is phone verified, or as low as $0.10 per account without verification. Phone verified Google accounts are about $0.03-0.50 per account; while Hotmail ($0.004-0.03) and Yahoo ($0.006-0.015) accounts are priced way below the norm due to their wide availability.
“Prices ranged in price from $.10 $.15 per verification for bulk orders of 100,000 verifications, and $.25 per verification for smaller orders,” the researchers add, showing a clear business plan by the merchants to move as many high-value accounts as possible in a single order.
The scale of things was pretty impressive. The researchers found that 70% of order volume were typically delivered inside of one day, with 90% delivered inside three days. The researchers note that there is a tough balancing act for the networks who are desperate to show member growth on one hand, whilst restricting crowdturfing on the other.
The researchers suggest email account verification and improved CAPTCHAs are the best way of cutting down on fake accounts.
“In our experience, when required, CAPTCHAs prevent merchants from registering 92% of fraudulent accounts. Services could also leverage this failure rate as a signal for blacklisting an IP address in real-time, cutting into the number of accounts merchants can register from a single IP,” the researchers observed.