Image credit: weerapatkiatdumrong / Getty Images

Researcher-created Twitter bot phishes two out of three users

It reads tweets and sends targeted messages, so beware of short links!

Phishing, the malevolent hacker technique of getting hapless folks to click malicious links, just got a powerful new weapon. Black Hat researchers have created a Twitter bot that reads your tweets and sends you a message catered to your interests — along with a shortened URL leading to hacktown.

Baltimore security firm ZeroFox made the SNAP_R bot as a proof-of-concept for the next generation of phishing techniques, explaining its methods in a paper released at the recent Black Hat security conference. It uses machine learning to churn through a victim's tweets and those of their followers, then sends a dynamic message relevant to their interests. It uses clustering to identify high-value targets based on social engagement, like followers and retweets, and measures the bot's success by tracking clickthrough rates. In summary, the researchers claim it to be "the world's first automated end-to-end spear phishing campaign generator for Twitter."

The ZeroFox team created SNAP_R as an education and security assessment tool: like many firms, they are often hired to attack clients using cutting-edge methods that real hackers would use. Machine learning is often used defensively, so this method is one of the first to turn it around to target victims in the "spear" phishing school of anti-security.

Since links in tweets are automatically shortened, users largely aren't able to sniff out shifty URL destinations, so spotting poor grammar or irrelevant content is the quickest way to suss out malevolent intent. Catering messages is a clever way to keep from arousing victim suspicions and ultimately getting them to click on links they would be too cautious to otherwise. Britain's GCHQ intelligence agency exploited this technique when it used its own innocuous URL shortener to track activists and incite pro-revolutionary messages during the Arab Spring and Iranian uprisings. That ZeroFox tricked an unbelievable two-thirds of victims into clicking links, far higher than the five to 15 percent success rate for normal phishing methods, is evidence of a serious vulnerability in social network users' security behaviors.
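The point above is that a shortened link hides where it really goes. As an added example (not from the article, and not ZeroFox's code), here is a small Python helper that walks a short link's redirect chain one HEAD request at a time, without ever fetching the final page, so the landing domain can be inspected before anyone clicks. The `fetch` parameter and the `*.example` domains in `SAMPLE_HOPS` are constructed for an offline demonstration.

```python
import http.client
import urllib.parse

REDIRECT_STATUSES = {301, 302, 303, 307, 308}

def head_request(url, timeout=5):
    """One HEAD request; returns (status, Location header or None).
    Redirects are deliberately NOT followed so every hop is visible."""
    p = urllib.parse.urlsplit(url)
    cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = cls(p.netloc, timeout=timeout)
    path = (p.path or "/") + ("?" + p.query if p.query else "")
    conn.request("HEAD", path, headers={"User-Agent": "link-expander/0.1"})
    resp = conn.getresponse()
    status, location = resp.status, resp.getheader("Location")
    conn.close()
    return status, location

def expand_redirects(url, fetch=head_request, max_hops=10):
    """Return the list of URLs visited, starting with `url`.
    Stops on a non-redirect status, a missing Location, a loop, or max_hops."""
    chain, seen = [url], {url}
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in REDIRECT_STATUSES or not location:
            break
        nxt = urllib.parse.urljoin(chain[-1], location)  # handles relative Location
        chain.append(nxt)
        if nxt in seen:  # redirect loop: record the repeat and stop
            break
        seen.add(nxt)
    return chain

def describe(chain):
    """Summarize a chain: hop count, final URL, and every host touched."""
    hosts = [urllib.parse.urlsplit(u).netloc for u in chain]
    return {"hops": len(chain) - 1, "final": chain[-1],
            "final_host": hosts[-1], "hosts": sorted(set(hosts))}

# Constructed offline sample: short link -> tracker (relative Location) -> landing page.
SAMPLE_HOPS = {
    "https://short.example/abc": (302, "https://tracker.example/r?id=1"),
    "https://tracker.example/r?id=1": (301, "/landing"),
    "https://tracker.example/landing": (200, None),
    "https://loop.example/a": (302, "https://loop.example/b"),
    "https://loop.example/b": (302, "https://loop.example/a"),
}

def sample_fetch(url):
    return SAMPLE_HOPS.get(url, (404, None))

if __name__ == "__main__":
    print(describe(expand_redirects("https://short.example/abc", fetch=sample_fetch)))
```

Against a live short link, call `expand_redirects(url)` with the default `fetch`; the landing host in the summary is what to compare with the domain the message claims to be sending you to.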
