UC London Researchers Discover Massive Twitter ‘Star Wars’ Botnet Lying Dormant Since 2013

Like a massive army of Storm Troopers willing to follow devious commands, a pair of researchers from University College London warn that a "large number of Twitter users are bots" that are ready to "contaminate the Twitter API stream." There are more than 350,000 in all, comprising what the researchers have named the Star Wars botnet. It has been dormant and "well hidden" since it was created in 2013.

Juan Echeverria, a research student at UC London, and his supervisor and senior lecturer Shi Zhou outlined the threat in a research paper that is awaiting approval by a scientific journal. They have not presented their findings to Twitter yet for that reason. Their main concern is not that the Star Wars botnet will be used to overwhelm a target with a distributed denial of service (DDoS) attack, as many botnets are designed to do, but that it will be used to flood the influential social media service with spam and fake news, manipulating public opinion in the process.

Fowl Storm Trooper
Image Source: Flickr (JD Hancock)

"A large group of bots can misrepresent public opinion. If the bots are not detected in time, they could tweet like real users, but coordinated centrally around a specific topic. They could all post positive or negative tweets skewing metrics used by companies and researchers to track opinions on that topic," the researchers note in their paper.

Echeverria and Zhou say the Star Wars botnet has been mostly dormant since 2013, with most of the content posted being benign quotes from Star Wars novels without any accompanying URLs. That drawn-out process has helped the individual bots pass as real humans and avoid bot detection services.

"All the accounts were created in a short window of time, less than two months. They all behave in exactly the same way, quoting Star Wars novels including the same hashtags (and adding random hashtags to the quote). All of their tweets are marked as coming from ‘Windows Phone,’ which means that they are likely to be controlled by the API instead of the Twitter site. For reference, that source accounts for less than 0.1% of tweets normally," the researchers added.
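The traits quoted above (a creation window under two months, a single "Windows Phone" source label, hashtags, no URLs) can be combined into a simple clustering check. The sketch below is an added example, not the researchers' method or code from their paper; the record fields, the 60-day window, the minimum cluster size and the sample accounts are all assumptions constructed for illustration.

```python
from datetime import date, timedelta

WINDOW = timedelta(days=60)  # assumed stand-in for "less than two months"
MIN_CLUSTER = 3              # assumed threshold, kept tiny for the constructed sample

def matches_profile(account):
    """True when every tweet of the account fits the traits quoted above."""
    tweets = account["tweets"]
    return bool(tweets) and all(
        t["source"] == "Windows Phone"        # source label reported for the bots
        and "http" not in t["text"].lower()   # no accompanying URLs
        and "#" in t["text"]                  # hashtags attached to the quote
        for t in tweets
    )

def densest_creation_window(accounts):
    """Largest group of profile-matching accounts created within WINDOW of each other."""
    cands = sorted((a for a in accounts if matches_profile(a)),
                   key=lambda a: a["created"])
    best, lo = [], 0
    for hi in range(len(cands)):
        # Slide the left edge until the span of creation dates fits the window.
        while cands[hi]["created"] - cands[lo]["created"] >= WINDOW:
            lo += 1
        if hi - lo + 1 > len(best):
            best = cands[lo:hi + 1]
    return best if len(best) >= MIN_CLUSTER else []

def suspect_names(accounts):
    return sorted(a["name"] for a in densest_creation_window(accounts))

def _acct(name, created, source, text):
    return {"name": name, "created": created,
            "tweets": [{"source": source, "text": text}]}

# Constructed sample data (not real accounts, dates or tweets).
SAMPLE = [
    _acct("a1", date(2013, 6, 20), "Windows Phone", "constructed quote one #alpha #xq"),
    _acct("a2", date(2013, 7, 2), "Windows Phone", "constructed quote two #alpha #zz"),
    _acct("a3", date(2013, 7, 30), "Windows Phone", "constructed quote three #alpha"),
    _acct("a4", date(2013, 12, 1), "Windows Phone", "late joiner #alpha"),  # outside window
    _acct("u1", date(2013, 7, 1), "Twitter Web Client", "lunch http://example.com #food"),
    _acct("u2", date(2013, 7, 5), "Windows Phone", "see http://example.com #news"),  # has URL
]

if __name__ == "__main__":
    print(suspect_names(SAMPLE))
```

No single trait is conclusive on its own; it is the combination of a rare source label with a tight creation window that makes the cluster stand out.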

The danger here is that if and when the botnet is activated, the bots can flood Twitter with fake trending topics, orchestrate a campaign to create a fake sense of agreement among Twitter users (known as an astroturfing attack), and engage in other manipulative behavior. And because the botnet is so large, these types of posts would contaminate Twitter.
