Giant Fraudulent Botnet to be Found on Twitter

The team of researchers found a three-tiered network of more than 15,000 bots used to promote the fraudlent 'scheme'
08 August 2018   220

Researchers have discovered a huge botnet that mimics under real Twitter accounts. Its accounts are used to promote fraudulent schemes using cryptocurrency.

As ITPro reports, the botnet was discovered during the research of the Duo Security team, which checked 88 million Twitter. To identify bots, malicious accounts, etc. researchers used machine learning.

The team of researchers found a three-tiered network of more than 15,000 bots used to promote the 'scheme', in which people are offered to transfer a small amount in the cryptocurrency, and then get a big profit. Over time, this network evolved for masking purposes.

Researchers said that attackers, as a rule, first create a fake account that mimics under a real account that is related to crypto-currencies, copying its name and image in the profile.

For promotion purposes, bots comment on tweets and leave a link leading to the fraudulent portal.

It turned out that the subscribers of many imitative accounts are the so-called "hub-accounts", created, in the opinion of researchers, "to give them legitimacy."

In the botnet army, there are also "bot-amplifiers" - fake accounts that put the likes of fraudulent tweets to "artificially inflate the popularity of the tweet and give legitimacy to this cryptocurrency fraud."

Malicious bot detection and prevention is a cat-and-mouse game. We anticipate that enlisting the help of the research community will enable discovery of new and improving techniques for tracking bots. However, this is a more complex problem than many realize, and as our paper shows, there is still work to be done.
 

Jordan Wright 

Principal R&D engineer, Duo

Although Twitter has recently taken a number of measures to combat such cryptocurrency fraud schemes, Duo researchers concluded that these botnets are still active. "We do not believe that the problem is solved," the publication reads.

They plan to make public the techniques described in the article, in the hope of developing new methods that will identify malicious bots and help "Twitter and other social networks remain a place for healthy online discussion and building communities."

Crypto Investor to File Lawsuit Against AT&T

Michael Terpin believes that AT&T helped scammers to still his $24M worth crypto
16 August 2018   93

In the Los Angeles District Court, a 69-page lawsuit was filed by BitAngels founder Michael Terpin against the American telecom giant AT&T. Terpin claims that the operator assisted fraudsters in "stealing digital personal data" from the account on his smartphone, which is why he lost $ 24 million in cryptocurrency, according to an official release.

According to Terpin, for seven months, there were two hacks. Initially, an attacker got access to his phone number without providing a password or correct identification data. Later, the phone number was used to steal crypto.

AT&T’s studied indifference to protecting its customers’ privacy and financial assets is a metastasizing cancer, threatening hundreds of millions of unsuspecting AT&T’s customers. Our client had no idea when he initially signed up, nor when later he was promised the highest level of security for his account, that low-level retail employees with access to AT&T records, or people posing as them, can be bribed by criminals to override every system that AT&T advertises as unassailable.
 

Pierce O’Donnell
Lead counsel for Terpin in this complaint

Michael Terpin requires AT & T to pay him $ 224 million - $ 200 million for moral damages and $ 24 million for actual theft.