Eliminating bots means legitimate users could also get banned.
Billionaire Elon Musk wants to purge bots on Twitter ( (TWTR) – Get Twitter, Inc. Report), making the claim as part of his $44 billion bid for the social media company.
His acquisition of Twitter has come under scrutiny as Musk sold $8.5 billion of Tesla ( (TSLA) – Get Tesla Inc Report) stock to pay for the takeover that has been approved by the board, but is waiting on a shareholder vote.
Twitter users have complained for several years about the number of bots attacking accounts for economic, political or personal reasons.
Bots have been both in favor and against Tesla and shares of the company as well as criticizing Musk.
He has claimed he seeks to eliminate the bots.
“If our twitter bid succeeds, we will defeat the spam bots or die trying!” Musk tweeted, but claimed he sought to “authenticate all real humans.”
How Bots Work
Whenever a large amount of Twitter accounts are tweeting the same thing simultaneously or close together, it may be a Twitter bot, Nicole Hoffman, senior cyber threat intelligence analyst at Digital Shadows, a San Francisco-based provider of digital risk protection solutions, told TheStreet.
“Bots are automated Twitter accounts that are programmed to perform tasks on Twitter,” she said.
While some of these bots can be useful, such as tweeting about weather emergencies, many other ones are used for more nefarious purposes, such as “spreading misinformation and tweeting an excessive amount of tweets to promote a product or website,” Hoffman said.
Social media bots are just fake accounts that are either manually run by an individual or are automated, Storm Swendsboe, director of threat intelligence at SafeGuard Cyber, a Charlottesville, Virginia-based cybersecurity company that protects organizations from communication-based threats across digital platforms such as social media, told TheStreet.
While bots are used under standard business operations to promote content, drive traffic or inflate numbers, they are often used in criminal scams, such as cryptocurrency pump and dumps, fake ICOs and spoofed crypto sites, he said.
“They are also used to trick people into visiting various types of malicious websites or to spread misinformation,” Swendsboe said. “In one reported case last year, a Twitter bot was also observed to be intercepting online payments, by automatically responding to tweets that referenced Venmo or PayPal, and cloning the account of the intended recipient in order to divert the payment to the criminal.”
Bots are computer software programs that can interpret and react to inputs without human intervention and were used initially to automate routine tasks such as answering questions from customers.
The advancements in artificial intelligence and deep learning have led to bots that can respond in a similar fashion like a human and engage in dialogue with both humans and other bots, he said.
“Systems like Apple Siri, Google Assistant, and Amazon Alexa are examples where over time they have become closer to true human-like responses,” Swendsboe said. “That increased sophistication in bots makes them both more capable to augment or replace humans for some tasks, but also more dangerous if used for malicious intent by threat actors.”
Who Is Behind the Bots
Russia’s Internet Research Agency, which is often referred to as a troll farm, has been attributed to millions of Twitter bots in the last few years to spread misinformation, Hoffman said.
“Whether it is an organization or an individual, the issue remains the same,” she said.
Social media bots are driven and operated by marketing firms and nation-state operations, Swendsboe said.
“Nation-states use these bots and sometimes purchase these services from marketing firms in order to promote messages favorable to their national interest,” he said.
Open source “deep learning” models like GPT-3 means both individuals and organizations have access to advanced automated text generation and text responses to human queries, Bud Broomhead, CEO at Viakoo, a Mountain View, Calif.-based provider of automated IoT cyber hygiene, told TheStreet. This gives them the ability to hide a location via VPN and other methods, but the physical location does not really matter either, he said.
Why Bots Are Beating Social Media Companies
There could be several reasons why social media companies like Twitter and Facebook (FB) – Get Meta Platforms Inc. Class A Report have difficulty identifying and removing bots, Hoffman said. They might need additional staff to moderate and identify potential bots, or their bot detection software might not be as accurate as they would have hoped.
“It is difficult to say whether a new owner could eliminate the spam bot problem on Twitter,” she said. “Cybercriminals have a way of evolving alongside technology. So it is possible the issue will continue past any new policies.”
Botnet armies are hard to squash directly because they are capable of taking on multiple identities, Broomhead said. They are often formed from vulnerable IoT/OT devices because they have networking capabilities.
The race between the opposing sides of bots continue.
“What matters to Twitter, FB, and others is that they keep fighting, otherwise advances in artificial intelligence and deep learning could create a more substantial gap than exists today,” he said.
Can Bots Be Defeated?
The development of more sophisticated algorithms can eliminate more bots, Broomhead said. Another strategy is to require more extensive validation of identities to ensure that only humans are operating on Twitter.
“Despite their sophistication, bots still behave in ways different than humans and more comprehensive algorithms can be more successful in detecting bots,” he said.
While bots can post faster than humans can, be engaged with more topics and react in different ways, there are capabilities that can be used to detect them, Broomhead said.
Twitter can use IP reputation to find botnets, mark suspicious accounts and look for entities posting the same content across many accounts, John Bambenek, principal threat hunter at Netenrich, a San Jose, California.-based digital IT and security operations company, told TheStreet.
Eliminating bots requires a financial commitment from a company.
“If Twitter can show it’s profitable to kick out the trash while increasing real engagement, capitalism will kick in and other companies will follow,” he said. “The only way to get enterprises to do the right thing is to show them it’s profitable to do so.”
The challenge for Twitter will be identifying and eliminating the bad actors without removing legitimate users or tools, Mike Parkin, senior technical engineer at Vulcan Cyber, an Israeli provider of SaaS for enterprise cyber risk remediation, told TheStreet.
The largest challenge is the disinformation issue and being able to strike a balance between having an open free-speech platform and one that is abused for disinformation and propaganda, he said.
“It can be hard to eliminate bots without affecting legitimate users while the bot writers are constantly evolving their tools,” Parkin said.
Adding end-to-end encryption to Twitter could be problematic since some countries restrict cryptology and the company may not want to lose access to them. The technical overhead is relatively minor since other apps have shown the use of them, he said.
A new owner of Twitter could eliminate more bots, but it requires creative thinking, Broomhead said.
“It will not be as easy as flicking a switch and the fight against the bots will likely never end, as these actors continue to adapt their account creation and maintenance tactics,” he said.