Twitter U-turns after conferring society's highest honor – a blue check mark – on very obvious bot accounts

Inside job? Human error? Social network says it made a mistake


Twitter verified a bunch of bot accounts, granting them coveted blue check marks, and then reversed the decision, admitting it made a mistake.

The debacle swung the spotlight on the social network's system for verifying accounts, which is normally reserved for qualifying celebs, politicians, sports stars, experts, journos, and similar netizens.

A tweeter going by the handle Conspirador Norteño, who claims to fight online disinformation, found that none of the six accounts in question, created in June, had actually posted any tweets and that, for each of them, their thousand or so followers were largely the same accounts. Yet, the sextet had been verified as supposedly authentic and notable people by Twitter when they were anything but.

It all points to a network of fake users likely intended to boost particular issues or campaigns on Twitter using their special status.

"These six newly created verified accounts have 977 followers in common. One is @verified (which follows all blue-check verified accounts). The other 976 were all created on June 19th or June 20th, 2021, and all follow the same 190 accounts," Norteño tweeted on Sunday.

"These 976 accounts are part of an astroturf botnet consisting of (at least) 1,212 accounts.

"The network is split into followers, which follow the aforementioned verified accounts as well as other members of the botnet, and followees, which are followed by the other bots."

To add to the mystery, this network of fake accounts used profile pictures seemingly created by AI software: a generative adversarial network was likely behind at least some of the photos and illustrations of women and cats used as avatars. These unique images won't show up in reverse-image searches in Google or TinEye, making them more believable. If the pics were stolen from people's Instagram profiles, for instance, it would be too obvious they were bogus.

All six verified accounts have been shut down, and the rest of the network doesn't seem to be fully active, with some members tweeting stuff about Korean websites. Norteño said one verified account had self-terminated and the rest were pulled by the social network.

"We mistakenly approved the verification applications of a small number of inauthentic (fake) accounts," a spokesperson for Twitter told The Register on Monday. "We have now permanently suspended the accounts in question, and removed their verified badge, under our platform manipulation and spam policy."

Twitter also confirmed to The Reg what some suspected: when you apply for a verified account, you go into a queue for your particular region, and each region queue is handled separately. Thus, compared to others, some regions may be too quick, shall we say, to approve the accounts in their queues, meaning some people get verified when they shouldn't. The verified accounts in question all appeared to use the Turkish language, we note.

Alex Stamos, Facebook's former head of security, earlier speculated Twitter "might have a malicious or bribed insider," adding that "something similar happened" at Facebook-owned Instagram, in which spammers bought verified badges for their accounts. ®

Similar topics


Other stories you might like

Biting the hand that feeds IT © 1998–2021