Anatomy of a Twitter False Flag-Spam and Dox Attack

Recently an alarming number of Twitter users have been suspended for doing nothing wrong.  This originally started in April as reported by the conservative news site Human Events and has begun to recently spiral out of control beyond the realm of politics and simple account suspensions.

The original attack is quite simple - get enough Twitter users to report a user for spam...and the target user's account is suspended.  According to Human Events this attack was originally being used by left wing liberals to silence right wing conservatives for expressing their views.  While I will not get into the political issues of this and why this goes against freedom of speech...something I will mention is that a "defense network" is being built to help protect against these attacks.

Called the Twitter Gulag Defense Network (TGDN) tips are shared among members as well as "follow backs" implemented...the idea being that the more accounts you have following you the more protected you are against people gaming the spam flag most spammers have very few followers.

Unfortunately I recently saw this attack take on a much more sinister twist against someone I frequently chat with on Twitter.  Hacking groups such as subgroups of Anonymous and other groups have begun performing these attacks while simultaneously "doxing" the target.  This attack requires coordination and timing.  The ultimate effects are quite the victim's online identity is attacked while simultaneously attacking the person in real life through harassing phone calls to the target and target's family, and in some cases, attempts to destroy their credit rating.

Using Maltego I mapped one of these "twitter censorship" networks based upon frequency of tweets exchanged and common hashtag subjects.  Note that I am not including specific account names or real names (yes I found several of their names and addresses) because unlike those who I investigated I do respect their privacy and will not reveal their personal information to the public.

The networks themselves seem to work in an interesting hierarchy.  A small group of two or three "leaders" provide target information to the rest of the network...some of which are not aware of the other parts of the network, much like a terrorist cell.  One or more groups work on gathering and posting "dox" of the person's personal information...while a much larger group works to false flag-spam the target account(s).  The groups use resources such as Tor, Pastebin, and Doxbin to coordinate their attack...often times not knowing who will actually be using the gathered information.  To increase their success often sock-puppets are used to "taunt" the person into replying...then report the person for spam.  Once enough spam reports have been received using a ratio of followers-to-reports, Twitter automatically blocks the account.

Twitchy has an excellent guide to defending yourself from the false flag-spam attacks.  As for "doxing"...the best defense is to minimize your digital footprint through your social media privacy settings as well as be vigilant for "phishing" attempts.  Should you become the victim of "doxing" it's best to involve law enforcement.

No comments:

Post a Comment