A new study has discovered a vulnerability in Twitter’s trending algorithm that makes the platform susceptible to astroturfing attacks.
Researchers from the Swiss Federal Institute of Technology in Lausanne (EPFL) found that the social network doesn’t consider whether a tweet has been deleted when determining which keywords should trend.
As a result, attackers can artificially push topics up the list of Twitter trends and then remove evidence of the manipulation.
The researchers call this new form of attack “ephemeral astroturfing:”
In this attack, a chosen keyword or topic is artificially promoted by coordinated and inauthentic activity to appear popular, and, crucially, this activity is removed as part of the attack.
On Twitter, trending topics are determined by an algorithm that identifies subjects that are popular at a given moment.
The mechanism generates significant influence and potential revenue, which makes it an attractive target for adversaries seeking to manipulate users.
Ephemeral astroturfing enables them to boost their messages by exploiting the design of the Twitter trends algorithm. Per the study paper:
Trends are refreshed every five minutes, taking as input tweets that have been published in some time interval. However, despite the importance of the integrity of the list of trends, the algorithm does not check whether those tweets are still available or have been deleted.
The researchers inspected both Turkish local and global Twitter trends to investigate the impact of ephemeral astroturfing.
They found that these attacks accounted for at least 47% of local trends in Turkey and 20% of top 10 global trends analyzed during their study.
The attackers employed both bots and compromised accounts to generate the fake trends, which included phishing apps, disinformation campaigns, hate speech, and even marriage proposals.
One of the manipulated hashtags that were artificially pushed to Trends was #SuriyelilerDefolsun (“Syrians get out.”)
“This was then picked up by several news reports, other social media platforms, and in academic papers,” said study co-author Rebekah Overdorf in a statement. “In reality, it was completely fabricated.”
The team says they’ve twice notified Twitter about the issue. The company has acknowledged that the attacks do exist, but the researchers say the problem has still not been fixed.
“This manipulation has serious implications because we know that Twitter trends get attention,” said Overdorf. “Broader media outlets report on trends, which are used as a proxy for what people are talking about, but unfortunately, it’s a manipulated proxy, distorting the public view of what conversations are actually going on.”…Read more>>