Blog Post

The Twitter Spam Epidemic: From Pro-Saudi Bots to AdWords Click Fraud


In an effort to cut down on spam accounts influencing public opinion, Twitter has suspended a network of accounts run by bots that appeared to heavily promote pro-Saudi messages surrounding the Jamal Khashoggi scandal.

While Twitter claims to not have any evidence that the accounts were truly pro-Saudi or backed by the Saudi government, the accounts had been behaving like typical spam accounts. These accounts used hashtags to praise the crown prince of Saudi Arabia, Mohammed bin Salman, in response to the growing diplomatic rift set in motion by the Khashoggi case. Researchers suspected that there was a network of bots, or botnet, that was sharing identical content in the same order and using the same hashtags.

According to CNN, Turkish officials believe Khashoggi, a Saudi journalist, was killed inside the Saudi consulate in Istanbul and that within hours of him entering the consulate suspicion surrounding the situation arose. Investigators believe that Saudi agents associated with Prince Mohammed bin Salman killed Khashoggi. The Saudi government has denied these allegations and may be attempting to amplify that denial by using Twitter bots to spread pro-Saudi messages and to bury any dissenting hashtags.

The botnet used one hashtag that roughly translates to “message of love for Mohammed bin Salman” and another as “unfollow enemies of the nation” to flood the feeds of those following the events. According to analyst Ben Nimmo from the Atlantic Council, 96.3% of times the latter hashtag was used, it was a retweet. This high volume of retweets suggests that this was a coordinated endeavor from a farm or bots. Comparatively, hashtags about Khashoggi did not last long on the global Twitter newsfeed.

According to Marc Owen Jones, a researcher on bots and cybersecurity in the Gulf countries and a lecturer in the history of the Gulf Arabian Peninsula at Exeter University, these kind of propaganda troll accounts are becoming increasingly common. The issue of dangerous propaganda bots was a major one during the 2016 presidential election, when an influx of bots promoted then-nominee Donald Trump. With the goal of swaying public opinion through faked mass support, these bots are highly manipulative and not reflective of the true opinions of the masses.

Botnets have posed a danger to individuals and businesses alike for years, including the digital marketing industry. Data from Bot Traffic Report shows that 49% of internet traffic comes from bots. This high level of traffic not only skews the numbers for the amount of real traffic a company’s website receives, but it can cost site owners when bots attack pay per click ads on Google. The creators of the botnet are then able to commit ad fraud as they siphon money from major companies and destroy their digital marketing efforts.

These creators are almost always anonymous, making it nearly impossible to catch them in the act. To prevent the widespread effects of botnet tactics on their global platform, Twitter changed its Terms of Service in February of this year. This rule change banned tweets posted from multiple accounts that were identical or very nearly-identical, as well as mass automated retweeting.

Despite Twitter’s efforts to protect users from the influence of botnets, the pro-Saudi botnet adapted to dodge the ban’s reach. The accounts that retweeted the same message and hashtag did so sparingly, strategically choosing when to engage the Twitter newsfeed. A number of the bot accounts seem to have been on Twitter for years.

“There were some that were from 2011, some from 2014. For a bot to sit out there on Twitter for that long is kind of shocking,” said Josh Russell, a systems analyst at Indiana University who first discovered the influx of pro-Saudi botnet activity.

Written by Melissa Brewer