Traf?cking Fraudulent Accounts: The Role of the Underground Market in Twitter Spam and Abuse

TitleTraf?cking Fraudulent Accounts: The Role of the Underground Market in Twitter Spam and Abuse
Publication TypeConference Paper
Year of Publication2013
AuthorsThomas, K., McCoy D., Grier C., Kolcz A., & Paxson V.
Other Numbers3468
Abstract

As web services such as Twitter, Facebook, Google, and Yahoo now dominate the daily activities of Internet users, cyber criminals have adapted their monetization strategies to engage users within these walled gardens. To facilitate access to these sites, an underground market has emerged where fraudulent accounts – automatically generated credentials used to perpetrate scams, phishing, and malware – are sold in bulk by the thousands. In order to understand this shadowy economy, we investigate the market for fraudulent Twitter accounts to monitor prices, availability, and fraud perpetrated by 27 merchants over the course of a 10-month period. We use our insights to develop a classifier to retroactively detect several million fraudulent accounts sold via this marketplace, 95% of which we disable with Twitter’s help. During active months, the 27 merchants we monitor appeared responsible for registering 10–20% of all accounts later flagged for spam by Twitter, generating $127–459K for their efforts.

Acknowledgment

This work was partially supported by funding provided through National Science Foundation grants CNS : 1237265 and CNS : 1237076 (“Beyond Technical Security: Developing an Empirical Basis for Socio-Economic Perspectives”). Additional funding was provided by the Office of Naval Research under MURI grant N000140911081 and by a gift from Microsoft Research Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors or originators and do not necessarily reflect the views of the sponsors.

URLhttps://www.icsi.berkeley.edu/pubs/networking/traffickingfraudulent13.pdf
Bibliographic Notes

Proceedings of the 22nd USENIX Security Symposium, Washington, D.C.

Abbreviated Authors

K. Thomas, D. McCoy, C. Grier, A. Kolcz, and V. Paxson

ICSI Research Group

Networking and Security

ICSI Publication Type

Article in conference proceedings