Twitter U-turns after conferring society's highest honor – a blue check mark – on very obvious bot accounts

Twitter verified a bunch of bot accounts, granting them coveted blue check marks, and then reversed the decision, admitting it made a mistake.

The debacle swung the spotlight on the social network's system for verifying accounts, which is normally reserved for qualifying celebs, politicians, sports stars, experts, journos, and similar netizens.

A tweeter going by the handle Conspirador Norteño, who claims to fight online disinformation, found that none of the six accounts in question, created in June, had actually posted any tweets and that, for each of them, their thousand or so followers were largely the same accounts. Yet, the sextet had been verified as supposedly authentic and notable people by Twitter when they were anything but.

Meet @aykacmis, @degismece, @anlamislar, @aykacti, @kayitlii, and @donmedim, a sextet of blue-check verified Twitter accounts created on June 16th, 2021. None has yet tweeted and all have roughly 1000 followers (and mostly the *same* followers).

cc: @ZellaQuixote pic.twitter.com/V82Wtu0SNr

— Conspirador Norteño (@conspirator0) July 12, 2021

It all points to a network of fake users likely intended to boost particular issues or campaigns on Twitter using their special status.

"These six newly created verified accounts have 977 followers in common. One is @verified (which follows all blue-check verified accounts). The other 976 were all created on June 19th or June 20th, 2021, and all follow the same 190 accounts," Norteño tweeted on Sunday.

"These 976 accounts are part of an astroturf botnet consisting of (at least) 1,212 accounts.

"The network is split into followers, which follow the aforementioned verified accounts as well as other members of the botnet, and followees, which are followed by the other bots."

To add to the mystery, this network of fake accounts used profile pictures seemingly created by AI software: a generative adversarial network was likely behind at least some of the photos and illustrations of women and cats used as avatars. These unique images won't show up in reverse-image searches in Google or TinEye, making them more believable. If the pics were stolen from people's Instagram profiles, for instance, it would be too obvious they were bogus.

Very few of the accounts in this network have tweeted. The majority of the tweet content is spam in Korean sent via automation service dlvr(dot)it promoting a website. As always, be wary of clicking links to unknown sites posted by dodgy accounts. pic.twitter.com/DPDnmugx0g

— Conspirador Norteño (@conspirator0) July 12, 2021

All six verified accounts have been shut down, and the rest of the network doesn't seem to be fully active, with some members tweeting stuff about Korean websites. Norteño said one verified account had self-terminated and the rest were pulled by the social network.

"We mistakenly approved the verification applications of a small number of inauthentic (fake) accounts," a spokesperson for Twitter told The Register on Monday. "We have now permanently suspended the accounts in question, and removed their verified badge, under our platform manipulation and spam policy."

Twitter also confirmed to The Reg what some suspected: when you apply for a verified account, you go into a queue for your particular region, and each region queue is handled separately. Thus, compared to others, some regions may be too quick, shall we say, to approve the accounts in their queues, meaning some people get verified when they shouldn't. The verified accounts in question all appeared to use the Turkish language, we note.

• Twitter nukes AI-generated twits who backed Amazon and pushed anti-union rhetoric
• Indian police visit local Twitter HQ after government spokesperson's tweet labelled as 'manipulated'
• India, Twitter brawl in public as latest content rules begin to bite
• US House Rep on cyber committees tweets Gmail password, PIN in Capitol riot lawsuit outrage

Alex Stamos, Facebook's former head of security, earlier speculated Twitter "might have a malicious or bribed insider," adding that "something similar happened" at Facebook-owned Instagram, in which spammers bought verified badges for their accounts. ®