Spam Attack Immediately Follows Post on Brett Kimberlin

When people argue for robust "report spam" and "report abuse" tools on social media, I always have a reservation: those tools are inevitably abused by unprincipled people who want to silence speech they don't like.

Twitter is no different. The report function on Twitter is routinely abused in an effort to attack political opponents.1

In a mildly creative twist, some abusers flood opponents with huge numbers of spam followers. Then they report the opponent to Twitter. See, buying followers is a breach of terms of service, and flooding someone with spam followers makes it appear they have bought followers. If you want to protect yourself from this, the best way is to make your account private — which achieves the abuser's goal by reducing your audience.

Today Popehat's twitter account got hit with about 20,000 spam followers in the course of a couple of hours. That attack followed, by about an hour, my posting the Popehat Signal seeking help for bloggers sued by Brett Kimberlin. Some of the bloggers sued by Brett Kimberlin have also been attacked by surges of spam followers.

But I'm sure all that is just a coincidence.

Twitter makes this extremely difficult to deal with, because it is laborious to block spam followers one by one, and because Twitter forces you to contact support via form, and yet there is no suitable form for this situation.

  1. I offer no opinion on whether one "side" or group is more likely to do this. I don't have the facts, don't think it's a useful discussion, and don't want to get into it here.  

Last 5 posts by Ken White

Comments

  1. Utterly Clueless says

    I'd say you got the guy's attention. Make sure you bring your local law enforcement folks up-do-date on the Popehat signal. He's probably swatted people before.

  2. naught_for_naught says

    So what is the mechanism for doing something like that? Do you have a bot creating email accounts that you use to support a bot creating twitter accounts that are managed with a 3rd bot?

  3. Anonymous Lurker says

    Ken – in addition to @support, you should tweet @safety and @delbius, the Twitter head of safety. That is what the other victims have done. Spambots can mass report you as a spammer, causing you to be suspended or banned.

  4. Dan Weber says

    Kimberlin, if not the creator, is certainly the archetype of swatting.

    Remember, nothing is off-limits for your enemies!

  5. Lago says

    I would contend that a reporting system that is so easily abused is not "robust." Maybe that's just me.

  6. says

    That is very much not cool.

    Black hat will stay in the Old Glider Box for now, but the option is now on the table. Unless Putin jumps in, of course, and makes me look like an idiot.

  7. MTierce says

    @naught

    You can purchase phantom followers in bulk from a variety of services. Try googling "purchase twitter followers"

    The posts here over the last few days make me glad I am not on Twitter.

  8. Jeff Johnson says

    Ah, Brett Kimberlin. The bane of my firearm and conservative blogs. How didn't I know about Popehat until recently? Ken, you are a real-life superhero. Other than Patterico who seems popular here, this post at FrontPageMag and this one over at Michelle Malkin's blog have great details about Kimberlin's history, MO, and tactics.

  9. says

    Well, my wife told me to buy a new printer, and I am going to click on your Amazon link to do it. There, does that make you feel better? Even a little bit?

  10. Ancel De Lambert says

    This is much the reason I don't play DOTA2 anymore, because the report system is massively abused by dipshits who don't realize they suck, and project their lameness on others.

  11. joshuaism says

    This is just the golden rule of the free market at work. The man with the gold makes the rules. Best of luck battling the hordes of my sister's friends making $1364 every week using their own computer from home.

  12. ketchup says

    Unfortunately your best bet for dealing with something like this is to get the tech media involved. If your problem with Twitter makes it to Slashdot, Ars Technica, etc, then suddenly a Twitter official will take a personal interest in your case. See, for example, PayPal's recent freezing, then thawing, crowd-funded game developer accounts.

    http://arstechnica.com/business/2013/09/paypal-scrambles-for-fix-after-freezing-two-more-crowdfunded-games/

    Is it fair that high-profile cases receive attention? No. But the publication of the high-profile cases eventually spurs the companies involved to seek an overall solution. In other words Ken, if you complain loudly enough, you can resolve your own case, and perhaps nudge Twitter a bit closer to implementing a better method of dealing with spam.

  13. says

    So I reckon that's why you did away with your tweet post button…that sucks.

    People of Kimberlin, Schmalfeldt and Rauhauser's ilk really need to feel the heat of a tar covered brush and the scintillating feeling of a bag of feathers descending over their tar covered bodies.

  14. Bob Brown says

    My guess: Popehat brings more to Twitter than Twitter brings to Popehat.

    Repeat after me: "Chuck you, Farley; I'll take my traffic and go home."

  15. says

    Actually, we did away with our tweet post button because the plugin that provided it decided that the best way to monetize their plugin was to impose a non-dismissible, full-screen ad popup on folks viewing through smartphones.

    *plonk*

    And I've been too busy to bother to replace it (though doing so is on my list. I've got them all on my list!).

  16. Kevin says

    So I was going to compose a brilliant, multi-thousand word response to this situation, but upon viewing the comments, I decided that my work was already done. As @Anonymous Coward said,

    Jesus, what a bunch of assholes.

    Yup. That about sums it up.

  17. En Passant says

    I agree with Utterly Clueless on Sep 17, 2013 @3:15 pm. You've got his attention.

    The problematic part is getting the attention of the providers for your accounts (ie: twitter, etc.); and especially getting the attention of competent LEOs before he decides to start SWATting you.

    The guy is dangerous, and not just as a vexatious litigant. I recommend finding a lo cal LEO with savvy, preferably a detective or investigator, not a patrolman. Explain the situation and the guy's known tactics and history to him, before the guy escalates.

  18. DSU says

    It takes about two hours to get an aggressive asshole shut down on twitter. It simply a matter of reporting them. Twitter will then send their bots and, if necessary, folks to deal with the situation.

    I realize that Libertarianism is little more then another word for folks who want special privileges, However, support is your friend here.

  19. says

    @DSU:

    I realize that Libertarianism is little more then another word for folks who want special privileges, However, support is your friend here.

    What special privileges do you assert that libertarians want?

  20. ZarroTsu says

    Well Ken, you ought to thank Kimberlin formally for providing you with 20,000 mechanical taint snorters. And for free, no less!

  21. says

    How does this guy get away with it? He was supposed to be in jail for a trillion years, he gets out, has tons of money, has every lame "frame the other guy" trick on earth (and some that aren't so lame) and nothing happens. I swear the Scientologists are going to take him out out of pure jealousy.

  22. Taliesyn says

    1) Let's keep politics out of this, folks! There are other discussion threads we can use to discuss the pros and cons of libertarianism.

    2) I would love to see that tool's site get introduced to the Low Orbit Ion Cannon. Or the goons. Either works.

  23. Daniel Taylor says

    So, how does one reliably deal with people like this who seem to have a knack for gaming the rules to their advantage?

  24. Agnelcow says

    Is there anyway to get unblocked? Totally get it, of course— I have a fake-sounding username, stock profile pic, and practically 0 tweets over the last few years— but I'd like to read your twitterings without the hassle of going to your profile.

  25. Joe Blow says

    It seems to me, Ken, that if he's going to bump up your traffic like that, you ought to figure out how to monetize the hit. 20k twitter followers – even if they are just the avatars of a convicted felon and alleged harasser – are nothing to sneeze at. Shoot dude, you oughtta make the Comments section automation friendly and encourage him to hit that for a while.

  26. Dustin says

    "Agnelcow • Sep 18, 2013 @11:19 am

    Is there anyway to get unblocked? Totally get it, of course— I have a fake-sounding username, stock profile pic, and practically 0 tweets over the last few years— but I'd like to read your twitterings without the hassle of going to your profile."

    I bet if you email Ken or whoever has blocked you and make enough sense that you sound human, you will be unblocked. False positives are one of the 'benefits' of this attack.

    Since Twitter is aware of this attack, I question how effective it is. But then, it could lead to some other kind of harassment I'm sure.

  27. Gus Bailey says

    Was it Patton that said, "Once is a shame; twice, a coincidence; three times enemy action."? Ken you make the fourth (fifth) known target within this subject matter SOI. Not subtle are they?

  28. Tony J says

    Thoroughly OT, but I'm confused. Or not understanding. IANAL. To the left of the Share Post buttons is the phrase "You are libel!" in bold type. I honestly don't recall seeing it before, and it's on all the blog entries now, or at least as far back as I have the patience to check.

    *headscratch*

  29. AlphaCentauri says

    I would suggest getting a subpoena for the IP addresses used to register all accounts that began following you on that date/time (be sure to specify time zone/daylight time, or given the time as UT).

    Then, one of your friendly neighborhood security researchers could probably tell you how those IPs relate to each other (i.e., they are part of the xyz botnet running zyx malware). They could also tell you what other mischief they have been up to. They may have honeypots that are part of that botnet that could give you more information about where the activity may have originated.

    The botnet being used to prank your twitter account could be engaged in much more legally actionable activity, like draining people's bank accounts. The owners of those accounts, in turn, would be interested in sharing that information.

    Or, the dipwad may have used his home account for all 20K registrations. Whatever.

  30. AlphaCentauri says

    Also, it's not a bad idea to contact your local law enforcement to see how knowledgeable they are about SWATting. A couple boxes of donuts and a short powerpoint presentation on SWATting for officers and 911 operators would make sure they're aware of the practice and also let them know what your voice sounds like.

  31. melK says

    … you ought to figure out how to monetize the hit. 20k twitter followers – even if they are just the avatars of a convicted felon and alleged harasser – are nothing to sneeze at.

    Only a couple of problems with that…
    1) tantamount to click-fraud; advertisers would Not Be Amused.
    2) even so, your profits would be at the expense of the advertisers, not the alleged harasser. Even assuming you don't care about the advertisers, you aren't affecting the harasser. So not a weapon, either.
    3) anything that affected the 20k spam accounts would also affect the N "true" accounts. And the spam accounts wouldn't care. Were it a weapon, has collateral damage.

  32. Tony J says

    @Sam

    Thanks. I had read those, but didn't make the connection, obvs. I understand now. I should go practice retaining what I read.

  33. Sami says

    Why does every post now have a little thing that says "You are libel!" after it? Is it connected, somehow?

    I repudiate the assertion that I am libel wholeheartedly.

  34. ElSuerte says

    First thanks for lighting the popehat signal to help those embattled bloggers, and for doing so in spite of harassment you'll get from Kimberlain's crowd. Don't forget that these guys were behind a bunch of swattings. Hopefully there is something you can do in advance with the police to mitigate swatting attempts.

    Second, doesn't this:
    "When people argue for robust "report spam" and "report abuse" tools on social media, I always have a reservation: those tools are inevitably abused by unprincipled people who want to silence speech they don't like. "

    fall under acceptable social consequences for speech? Rabble rousing to get someone's twitter account suspended is beyond the pale, but rabble rousing to get somebody fired for speech is ok?

  35. Dan Weber says

    @ElSuerte: I disagree with Ken on some of his "what are acceptable consequences for speech" posts, but there seems a significant difference between those two cases.

    It's not "Twitter, suspend this guy's account because he said something offensive." It's "Twitter, I framed this guy for a violation of your ToS, now terminate his account."

    (I don't like that first instance; I think both of those scenarios to ban someone's Twitter account should be verboten in decent society. But I have to see there is a difference between them, and admit someone who supports the first but not the second is not necessarily a hypocrite.)

  36. Sam says

    @Tony J

    Or the rest of us focus on silly quotes tangential to the point, haha.

    @Sami

    I think "You are libel" is experiencing a resurgence of popularity because it's a common shirt suggestion in the Just Tinkerin' and Thinkin' post.

  37. @cihangirb says

    Hi Ken, interesting writeup. I wanted to capture a more detailed version of the events. Could you direct message me at @cihangirb.
    Thank you!

  38. James Pollock says

    "fall under acceptable social consequences for speech? Rabble rousing to get someone's twitter account suspended is beyond the pale, but rabble rousing to get somebody fired for speech is ok?"

    There's a difference. If you get fired because an angry mob is demanding your head on a pink slip, a person made the decision that you were more trouble than you're worth, and that person is the one with whom you have a complaint (if any). If an automated system decides to suspend or cancel your account because of complaints, there isn't a human intermediary. The complaint lies with the people who've manipulated the automated system.

Trackbacks