Adapting Social Spam Infrastructure for Political Censorship

TitleAdapting Social Spam Infrastructure for Political Censorship
Publication TypeConference Paper
Year of Publication2012
AuthorsThomas, K., Grier C., & Paxson V.
Other Numbers3297

As social networks emerge as an important tool for political engagement and dissent, services including Twitter and Facebook have become regular targets of censorship. In the past, nation states have exerted their control over Internet access to outright block connections to social media during times of political upheaval. Parties without such capabilities may however still desire to control political expression. A striking example of such manipulation recently occurred on Twitter when an unknown attacker leveraged 25,860 fraudulent accounts to send 440,793 tweets in an attempt to disrupt political conversations following the announcement of Russia’s parliamentary election results.

In this paper, we undertake an in-depth analysis of the infrastructure and accounts that facilitated the attack. We find that miscreants leveraged the spam-as-a-service market to acquire thousands of fraudulent accounts which they used in conjunction with compromised hosts located around the globe to flood out political messages. Our findings demonstrate how malicious parties can adapt the services and techniques traditionally used by spammers to other forms of attack, including censorship. Despite the complexity of the attack, we show how Twitter’s relevance-based search helped mitigate the attack’s impact on users searching for information regarding the Russian election.


This work was partially supported by funding provided to ICSI through National Science Foundation grants CNS: 0433702 (“Collaborative Proposal Cybertrust: Center for Internet Epidemiology and Defenses”) and CNS: 0905631 ("Invigorating Empirical Network Research via Mediated Trace Analysis"). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors or originators and do not necessarily reflect the views of the National Science Foundation.

Bibliographic Notes

Proceedings of the Fifth USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '12), San Jose, California

Abbreviated Authors

K. Thomas, C. Grier, and V. Paxson

ICSI Research Group

Networking and Security

ICSI Publication Type

Article in conference proceedings