-
Characterizing and Detecting Propaganda-Spreading Accounts on Telegram
Authors:
Klim Kireev,
Yevhen Mykhno,
Carmela Troncoso,
Rebekah Overdorf
Abstract:
Information-based attacks on social media, such as disinformation campaigns and propaganda, are emerging cybersecurity threats. The security community has focused on countering these threats on social media platforms like X and Reddit. However, they also appear in instant-messaging social media platforms such as WhatsApp, Telegram, and Signal. In these platforms information-based attacks primarily…
▽ More
Information-based attacks on social media, such as disinformation campaigns and propaganda, are emerging cybersecurity threats. The security community has focused on countering these threats on social media platforms like X and Reddit. However, they also appear in instant-messaging social media platforms such as WhatsApp, Telegram, and Signal. In these platforms information-based attacks primarily happen in groups and channels, requiring manual moderation efforts by channel administrators. We collect, label, and analyze a large dataset of more than 17 million Telegram comments and messages. Our analysis uncovers two independent, coordinated networks that spread pro-Russian and pro-Ukrainian propaganda, garnering replies from real users. We propose a novel mechanism for detecting propaganda that capitalizes on the relationship between legitimate user messages and propaganda replies and is tailored to the information that Telegram makes available to moderators. Our method is faster, cheaper, and has a detection rate (97.6%) 11.6 percentage points higher than human moderators after seeing only one message from an account. It remains effective despite evolving propaganda.
△ Less
Submitted 12 June, 2024;
originally announced June 2024.
-
DFRWS EU 10-Year Review and Future Directions in Digital Forensic Research
Authors:
Frank Breitinger,
Jan-Niclas Hilgert,
Christopher Hargreaves,
John Sheppard,
Rebekah Overdorf,
Mark Scanlon
Abstract:
Conducting a systematic literature review and comprehensive analysis, this paper surveys all 135 peer-reviewed articles published at the Digital Forensics Research Conference Europe (DFRWS EU) spanning the decade since its inaugural running (2014-2023). This comprehensive study of DFRWS EU articles encompasses sub-disciplines such as digital forensic science, device forensics, techniques and funda…
▽ More
Conducting a systematic literature review and comprehensive analysis, this paper surveys all 135 peer-reviewed articles published at the Digital Forensics Research Conference Europe (DFRWS EU) spanning the decade since its inaugural running (2014-2023). This comprehensive study of DFRWS EU articles encompasses sub-disciplines such as digital forensic science, device forensics, techniques and fundamentals, artefact forensics, multimedia forensics, memory forensics, and network forensics. Quantitative analysis of the articles' co-authorships, geographical spread and citation metrics are outlined. The analysis presented offers insights into the evolution of digital forensic research efforts over these ten years and informs some identified future research directions.
△ Less
Submitted 15 March, 2024; v1 submitted 18 December, 2023;
originally announced December 2023.
-
Characterizing Retweet Bots: The Case of Black Market Accounts
Authors:
Tuğrulcan Elmas,
Rebekah Overdorf,
Karl Aberer
Abstract:
Malicious Twitter bots are detrimental to public discourse on social media. Past studies have looked at spammers, fake followers, and astroturfing bots, but retweet bots, which artificially inflate content, are not well understood. In this study, we characterize retweet bots that have been uncovered by purchasing retweets from the black market. We detect whether they are fake or genuine accounts i…
▽ More
Malicious Twitter bots are detrimental to public discourse on social media. Past studies have looked at spammers, fake followers, and astroturfing bots, but retweet bots, which artificially inflate content, are not well understood. In this study, we characterize retweet bots that have been uncovered by purchasing retweets from the black market. We detect whether they are fake or genuine accounts involved in inauthentic activities and what they do in order to appear legitimate. We also analyze their differences from human-controlled accounts. From our findings on the nature and life-cycle of retweet bots, we also point out several inconsistencies between the retweet bots used in this work and bots studied in prior works. Our findings challenge some of the fundamental assumptions related to bots and in particular how to detect them.
△ Less
Submitted 23 March, 2022; v1 submitted 4 December, 2021;
originally announced December 2021.
-
Tactical Reframing of Online Disinformation Campaigns Against The Istanbul Convention
Authors:
Tuğrulcan Elmas,
Rebekah Overdorf,
Karl Aberer
Abstract:
In March 2021, Turkey withdrew from The Istanbul Convention, a human-rights treaty that addresses violence against women, citing issues with the convention's implicit recognition of sexual and gender minorities. In this work, we trace disinformation campaigns related to the Istanbul Convention and its associated Turkish law that circulate on divorced men's rights Facebook groups. We find that thes…
▽ More
In March 2021, Turkey withdrew from The Istanbul Convention, a human-rights treaty that addresses violence against women, citing issues with the convention's implicit recognition of sexual and gender minorities. In this work, we trace disinformation campaigns related to the Istanbul Convention and its associated Turkish law that circulate on divorced men's rights Facebook groups. We find that these groups adjusted the narrative and focus of the campaigns to appeal to a larger audience, which we refer to as "tactical reframing." Initially, the men organized in a grass-roots manner to campaign against the Turkish law that was passed to codify the convention, focusing on one-sided custody of children and indefinite alimony. Later, they reframed their campaign and began attacking the Istanbul Convention, highlighting its acknowledgment of homosexuality. This case study highlights how disinformation campaigns can be used to weaponize homophobia in order to limit the rights of women. To the best of our knowledge, this is the first case study that analyzes a narrative reframing in the context of a disinformation campaign on social media.
△ Less
Submitted 27 May, 2021;
originally announced May 2021.
-
A Dataset of State-Censored Tweets
Authors:
Tuğrulcan Elmas,
Rebekah Overdorf,
Karl Aberer
Abstract:
Many governments impose traditional censorship methods on social media platforms. Instead of removing it completely, many social media companies, including Twitter, only withhold the content from the requesting country. This makes such content still accessible outside of the censored region, allowing for an excellent setting in which to study government censorship on social media. We mine such con…
▽ More
Many governments impose traditional censorship methods on social media platforms. Instead of removing it completely, many social media companies, including Twitter, only withhold the content from the requesting country. This makes such content still accessible outside of the censored region, allowing for an excellent setting in which to study government censorship on social media. We mine such content using the Internet Archive's Twitter Stream Grab. We release a dataset of 583,437 tweets by 155,715 users that were censored between 2012-2020 July. We also release 4,301 accounts that were censored in their entirety. Additionally, we release a set of 22,083,759 supplemental tweets made up of all tweets by users with at least one censored tweet as well as instances of other users retweeting the censored user. We provide an exploratory analysis of this dataset. Our dataset will not only aid in the study of government censorship but will also aid in studying hate speech detection and the effect of censorship on social media users. The dataset is publicly available at https://doi.org/10.5281/zenodo.4439509
△ Less
Submitted 19 March, 2021; v1 submitted 14 January, 2021;
originally announced January 2021.
-
Misleading Repurposing on Twitter
Authors:
Tuğrulcan Elmas,
Rebekah Overdorf,
Karl Aberer
Abstract:
We present the first in-depth and large-scale study of misleading repurposing, in which a malicious user changes the identity of their social media account via, among other things, changes to the profile attributes in order to use the account for a new purpose while retaining their followers. We propose a definition for the behavior and a methodology that uses supervised learning on data mined fro…
▽ More
We present the first in-depth and large-scale study of misleading repurposing, in which a malicious user changes the identity of their social media account via, among other things, changes to the profile attributes in order to use the account for a new purpose while retaining their followers. We propose a definition for the behavior and a methodology that uses supervised learning on data mined from the Internet Archive's Twitter Stream Grab to flag repurposed accounts. We found over 100,000 accounts that may have been repurposed. We also characterize repurposed accounts and found that they are more likely to be repurposed after a period of inactivity and deleting old tweets. We also provide evidence that adversaries target accounts with high follower counts to repurpose, and some make them have high follower counts by participating in follow-back schemes. The results we present have implications for the security and integrity of social media platforms, for data science studies in how historical data is considered, and for society at large in how users can be deceived about the popularity of an opinion.
△ Less
Submitted 20 September, 2022; v1 submitted 20 October, 2020;
originally announced October 2020.
-
Thinking Taxonomically about Fake Accounts: Classification, False Dichotomies, and the Need for Nuance
Authors:
Rebekah Overdorf,
Christopher Schwartz
Abstract:
It is often said that war creates a fog in which it becomes difficult to discern friend from foe on the battlefield. In the ongoing war on fake accounts, conscious development of taxonomies of the phenomenon has yet to occur, resulting in much confusion on the digital battlefield about what exactly a fake account is. This paper intends to address this problem, not by proposing a taxonomy of fake a…
▽ More
It is often said that war creates a fog in which it becomes difficult to discern friend from foe on the battlefield. In the ongoing war on fake accounts, conscious development of taxonomies of the phenomenon has yet to occur, resulting in much confusion on the digital battlefield about what exactly a fake account is. This paper intends to address this problem, not by proposing a taxonomy of fake accounts, but by proposing a systematic way to think taxonomically about the phenomenon. Specifically, we examine fake accounts through both a combined philosophical and computer science-based perspective. Through these lenses, we deconstruct narrow binary thinking about fake accounts, both in the form of general false dichotomies and specifically in relation to the Facebook's conceptual framework "Coordinated Inauthentic Behavior" (CIB). We then address the false dichotomies by constructing a more complex way of thinking taxonomically about fake accounts.
△ Less
Submitted 8 June, 2020;
originally announced June 2020.
-
Can Celebrities Burst Your Bubble?
Authors:
Tuğrulcan Elmas,
Kristina Hardi,
Rebekah Overdorf,
Karl Aberer
Abstract:
Polarization is a growing, global problem. As such, many social media based solutions have been proposed in order to reduce it. In this study, we propose a new solution that recommends topics to celebrities to encourage them to join a polarized debate and increase exposure to contrarian content - bursting the filter bubble. Using a state-of-the art model that quantifies the degree of polarization,…
▽ More
Polarization is a growing, global problem. As such, many social media based solutions have been proposed in order to reduce it. In this study, we propose a new solution that recommends topics to celebrities to encourage them to join a polarized debate and increase exposure to contrarian content - bursting the filter bubble. Using a state-of-the art model that quantifies the degree of polarization, this paper makes a first attempt to empirically answer the question: Can celebrities burst filter bubbles? We use a case study to analyze how people react when celebrities are involved in a controversial topic and conclude with a list possible research directions.
△ Less
Submitted 16 March, 2020; v1 submitted 15 March, 2020;
originally announced March 2020.
-
Ephemeral Astroturfing Attacks: The Case of Fake Twitter Trends
Authors:
Tuğrulcan Elmas,
Rebekah Overdorf,
Ahmed Furkan Özkalay,
Karl Aberer
Abstract:
We uncover a previously unknown, ongoing astroturfing attack on the popularity mechanisms of social media platforms: ephemeral astroturfing attacks. In this attack, a chosen keyword or topic is artificially promoted by coordinated and inauthentic activity to appear popular, and, crucially, this activity is removed as part of the attack. We observe such attacks on Twitter trends and find that these…
▽ More
We uncover a previously unknown, ongoing astroturfing attack on the popularity mechanisms of social media platforms: ephemeral astroturfing attacks. In this attack, a chosen keyword or topic is artificially promoted by coordinated and inauthentic activity to appear popular, and, crucially, this activity is removed as part of the attack. We observe such attacks on Twitter trends and find that these attacks are not only successful but also pervasive. We detected over 19,000 unique fake trends promoted by over 108,000 accounts, including not only fake but also compromised accounts, many of which remained active and continued participating in the attacks. Trends astroturfed by these attacks account for at least 20% of the top 10 global trends. Ephemeral astroturfing threatens the integrity of popularity mechanisms on social media platforms and by extension the integrity of the platforms.
△ Less
Submitted 11 March, 2021; v1 submitted 17 October, 2019;
originally announced October 2019.
-
Subtle Censorship via Adversarial Fakeness in Kyrgyzstan
Authors:
Christopher Schwartz,
Rebekah Overdorf
Abstract:
With the shift of public discourse to social media, we see simultaneously an expansion of civic engagement as the bar to enter the conversation is lowered, and the reaction by both state and non-state adversaries of free speech to silence these voices. Traditional forms of censorship struggle in this new situation to enforce the preferred narrative of those in power. Consequently, they have develo…
▽ More
With the shift of public discourse to social media, we see simultaneously an expansion of civic engagement as the bar to enter the conversation is lowered, and the reaction by both state and non-state adversaries of free speech to silence these voices. Traditional forms of censorship struggle in this new situation to enforce the preferred narrative of those in power. Consequently, they have developed new methods for controlling the conversation that use the social media platform itself.
Using the Central Asian republic of Kyrgyzstan as a main case study, this talk explores how this new form of "subtle" censorship relies on pretence and imitation, and why interdisciplinary methods of research are needed to grapple with it. We examine how "fakeness" in the form of fake news and profiles is used as methods of subtle censorship.
△ Less
Submitted 19 June, 2019;
originally announced June 2019.
-
Questioning the assumptions behind fairness solutions
Authors:
Rebekah Overdorf,
Bogdan Kulynych,
Ero Balsa,
Carmela Troncoso,
Seda Gürses
Abstract:
In addition to their benefits, optimization systems can have negative economic, moral, social, and political effects on populations as well as their environments. Frameworks like fairness have been proposed to aid service providers in addressing subsequent bias and discrimination during data collection and algorithm design. However, recent reports of neglect, unresponsiveness, and malevolence cast…
▽ More
In addition to their benefits, optimization systems can have negative economic, moral, social, and political effects on populations as well as their environments. Frameworks like fairness have been proposed to aid service providers in addressing subsequent bias and discrimination during data collection and algorithm design. However, recent reports of neglect, unresponsiveness, and malevolence cast doubt on whether service providers can effectively implement fairness solutions. These reports invite us to revisit assumptions made about the service providers in fairness solutions. Namely, that service providers have (i) the incentives or (ii) the means to mitigate optimization externalities. Moreover, the environmental impact of these systems suggests that we need (iii) novel frameworks that consider systems other than algorithmic decision-making and recommender systems, and (iv) solutions that go beyond removing related algorithmic biases. Going forward, we propose Protective Optimization Technologies that enable optimization subjects to defend against negative consequences of optimization systems.
△ Less
Submitted 27 November, 2018;
originally announced November 2018.
-
POTs: Protective Optimization Technologies
Authors:
Bogdan Kulynych,
Rebekah Overdorf,
Carmela Troncoso,
Seda Gürses
Abstract:
Algorithmic fairness aims to address the economic, moral, social, and political impact that digital systems have on populations through solutions that can be applied by service providers. Fairness frameworks do so, in part, by mapping these problems to a narrow definition and assuming the service providers can be trusted to deploy countermeasures. Not surprisingly, these decisions limit fairness f…
▽ More
Algorithmic fairness aims to address the economic, moral, social, and political impact that digital systems have on populations through solutions that can be applied by service providers. Fairness frameworks do so, in part, by mapping these problems to a narrow definition and assuming the service providers can be trusted to deploy countermeasures. Not surprisingly, these decisions limit fairness frameworks' ability to capture a variety of harms caused by systems.
We characterize fairness limitations using concepts from requirements engineering and from social sciences. We show that the focus on algorithms' inputs and outputs misses harms that arise from systems interacting with the world; that the focus on bias and discrimination omits broader harms on populations and their environments; and that relying on service providers excludes scenarios where they are not cooperative or intentionally adversarial.
We propose Protective Optimization Technologies (POTs). POTs provide means for affected parties to address the negative impacts of systems in the environment, expanding avenues for political contestation. POTs intervene from outside the system, do not require service providers to cooperate, and can serve to correct, shift, or expose harms that systems impose on populations and their environments. We illustrate the potential and limitations of POTs in two case studies: countering road congestion caused by traffic-beating applications, and recalibrating credit scoring for loan applicants.
△ Less
Submitted 26 January, 2020; v1 submitted 7 June, 2018;
originally announced June 2018.
-
Under the Underground: Predicting Private Interactions in Underground Forums
Authors:
Rebekah Overdorf,
Carmela Troncoso,
Rachel Greenstadt,
Damon McCoy
Abstract:
Underground forums where users discuss, buy, and sell illicit services and goods facilitate a better understanding of the economy and organization of cybercriminals. Prior work has shown that in particular private interactions provide a wealth of information about the cybercriminal ecosystem. Yet, those messages are seldom available to analysts, except when there is a leak. To address this problem…
▽ More
Underground forums where users discuss, buy, and sell illicit services and goods facilitate a better understanding of the economy and organization of cybercriminals. Prior work has shown that in particular private interactions provide a wealth of information about the cybercriminal ecosystem. Yet, those messages are seldom available to analysts, except when there is a leak. To address this problem we propose a supervised machine learning based method able to predict which public \threads will generate private messages, after a partial leak of such messages has occurred. To the best of our knowledge, we are the first to develop a solution to overcome the barrier posed by limited to no information on private activity for underground forum analysis. Additionally, we propose an automate method for labeling posts, significantly reducing the cost of our approach in the presence of real unlabeled data. This method can be tuned to focus on the likelihood of users receiving private messages, or \threads triggering private interactions. We evaluate the performance of our methods using data from three real forum leaks. Our results show that public information can indeed be used to predict private activity, although prediction models do not transfer well between forums. We also find that neither the length of the leak period nor the time between the leak and the prediction have significant impact on our technique's performance, and that NLP features dominate the prediction power.
△ Less
Submitted 11 May, 2018;
originally announced May 2018.
-
How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services
Authors:
Rebekah Overdorf,
Marc Juarez,
Gunes Acar,
Rachel Greenstadt,
Claudia Diaz
Abstract:
Recent studies have shown that Tor onion (hidden) service websites are particularly vulnerable to website fingerprinting attacks due to their limited number and sensitive nature. In this work we present a multi-level feature analysis of onion site fingerprintability, considering three state-of-the-art website fingerprinting methods and 482 Tor onion services, making this the largest analysis of th…
▽ More
Recent studies have shown that Tor onion (hidden) service websites are particularly vulnerable to website fingerprinting attacks due to their limited number and sensitive nature. In this work we present a multi-level feature analysis of onion site fingerprintability, considering three state-of-the-art website fingerprinting methods and 482 Tor onion services, making this the largest analysis of this kind completed on onion services to date.
Prior studies typically report average performance results for a given website fingerprinting method or countermeasure. We investigate which sites are more or less vulnerable to fingerprinting and which features make them so. We find that there is a high variability in the rate at which sites are classified (and misclassified) by these attacks, implying that average performance figures may not be informative of the risks that website fingerprinting attacks pose to particular sites.
We analyze the features exploited by the different website fingerprinting methods and discuss what makes onion service sites more or less easily identifiable, both in terms of their traffic traces as well as their webpage design. We study misclassifications to understand how onion service sites can be redesigned to be less vulnerable to website fingerprinting attacks. Our results also inform the design of website fingerprinting countermeasures and their evaluation considering disparate impact across sites.
△ Less
Submitted 20 September, 2017; v1 submitted 28 August, 2017;
originally announced August 2017.
