Twitter bots launch new generation DDoS attack to deny freedom of speech
Technology has undoubtedly given us unprecedented opportunities to exercise our freedom of speech. Most recently, it has actually been used to take that freedom away from us.
On August 29, investigative journalist Brian Krebs posted a tweet poking fun at the predictable responses in support of Trump that follow any tweet about Russian President Vladimir Putin — regardless of whether or not the presidential election was explicitly mentioned.
Bring on the bots and sock puppet accounts. Amazing how a tweet about Putin always engenders defensive responses about Trump.
— briankrebs (@briankrebs) 29 de agosto de 2017
What followed was a sudden wave of 12,000 new followers and a nearly equal amount of re-tweets, thanks to a botnet targeting individuals who are attempting to expose the implicit damage of bot accounts and their influence on public opinion.
The bots responsible for the likes are known to be active spreaders of fake news, in addition to supporters of the Kremlin.
However, if the bots are pro-Russia, why would they promote Krebs’ anti-Russia tweet?
While counterintuitive, the tactic is one being used by Twitter bots to intimidate journalists, and in some cases, get their accounts banned for suspicious activity, as recently experienced by Joseph Cox, cybersecurity reporter for The Daily Beast.
As put by Krebs in a blog post about the incident, “A huge collection of botted accounts—the vast majority of which should be easily detectable as such—may be able to abuse Twitter’s anti-abuse tools to temporarily shutter the accounts of real people suspected of being bots!”
The attacks launched by these Twitter bots are reminiscent of traditional distributed denial-of-service (DDoS) attacks launched with the intent of denying legitimate users access to a given website and compromising the owners of the website in the process.
DDoS attacks work by sending an overwhelming number of requests to access a certain webpage from a number of different machines. In effect, the flood of traffic to the website renders the system inoperable, causing it to crash as it is unable to process the sheer amount of data being directed at it.
The purpose of these attacks is often retaliatory or vengeful in nature with political, social, or economic motivations. Additionally, though, they can be used to bully institutions that the perpetrator does not agree with.
In 2012, for example, Iran was blamed by the US government for taking down the websites of JPMorgan Chase and Bank of America in retaliation for economic sanctions placed on the country by U.S. officials attempting to halt its nuclear program.
Consider also the 2008 attack on the controversial Church of Scientology launched by the hacker group Anonymous. In a video explaining the attack, the offenders described their intention to destroy the organization for the good of mankind, saying, “We shall proceed to expel you from the Internet and systematically dismantle the Church of Scientology in its present form.”
News publications have been compromised by traditional DDoS attacks as well. The BBC, for example, experienced an attack that took the company offline for about an hour on New Year’s Eve in 2015.
Just as traditional DDoS attacks use a distributed network of computers to cause denial of service to a website, the Twitter bots were able to launch a DDoS attack from a distributed network of compromised accounts seeking to deny service to legitimate users by activating Twitter’s anti-bot tools.
Moreover, like traditional DDoS attacks, the actions of the Twitter bots were used to express disapproval and damage the reputations of the individuals on the receiving end of the attack, in addition to denying them their right to freedom of speech.
Essentially, it is the modern method of silencing journalists, a tactic previously accomplished with bribes or death threats. The difference, though, is that the attacks launched on Twitter are automated and carry far less significant immediate consequences.
With that being said, however, the implications of such a development are incredibly far-reaching.
Now, anyone with the ingenuity to develop a botnet — or anyone with the resources to pay for one — can effectively launch a cyberattack on someone who holds a contrary opinion or takes a controversial stance on a given topic, putting censorship directly in the hands of the public.
In the most extreme case, if bots continue to grow more powerful and Twitter is unable to curb their attacks, what we may see is social media being controlled by one or a small handful of institutions that suppress all contrary public or institutional information and opinions.
With the rapid expansion of our digital age, such an outcome could give unrivaled power and influence over public opinion to a select group of people — suppressing democracy as a result.
With nearly 2.5 billion people on social media — or one-third of the global population — the potential repercussions are enormous. In the United States and most other developed countries, the proportion of individuals on social media is undoubtedly higher, and the effects of such censorship would be felt much harder with much more significant fallout.
While we should never underestimate the power of technology, Twitter seems to be hard at work in fighting such bots on its network.
In a statement from June 2017, Colin Crowell, Twitter’s VP of Public Policy, reassured us that the use of bots and other manipulative behaviors on the platform are strictly prohibited. Moreover, he stated that the company has actively been expanding its efforts to fight such malicious behavior in order to preserve its role of “keeping people informed about what’s happening in the world.”
“It’s worth noting that in order to respond to this challenge efficiently and to ensure people cannot circumvent these safeguards, we’re unable to share the details of these internal signals in our public API,” he wrote.
While the company is unable to share such privileged information, one thing remains clear: Twitter must step up its policing to prevent such actions from bots, as well as the unwarranted suspension of a legitimate user’s account.
This problem will likely be a difficult one, but a crucial one as well for the sake of preserving our freedom of speech.