Twitter Catches Cybercriminals and Google Foots The Bill
By using dozens of Twitter accounts, researchers at Texas A&M University are creating "honeypots," or fake accounts that are supposed to lure spammers, who are eager to spread malware or phish for information, to social networks. And their work is being partially supported by a research grant from an unlikely source -- one of Twitter's online competitors, Google. From the Technology Review:
The honeypot accounts, like http://twitter.com/tayBourne, automatically post updates drawn from a collection of 120,000 real tweets harvested from Twitter. The team has also deployed honeypots on MySpace, and created software that uses dummy profiles on both networks to learn about spammer tactics. "We have a bot monitor who contacts our profiles," says [ Kyumin ] Lee. "It looks at what they put in their messages and also accesses their profile to see their demographic information and past updates."
So far, Lee says, "Our 61 honeypots tempted and collected 30,867 spammers on Twitter."
The fake accounts try not to mimic a real person and are allocated to a dark address space and legitimate users are segregated from the spammers.
Lee said that most of the spammers pretend to be (surprise!) college-age females from California and (shock!) target men. Why is it so prevalent on social network sites? Social networks like Twitter and Facebook are extremely vulnerable to phishing, because users tent to trust their social networks more and due to the widespread use of URL shorteners.
Google funding research isn't new. Its Google Research Blog chronicles most of the projects it funds, including a book on text processing, human-computer social interaction and other computer science research. Ridding the world of spammers is obviously a necessity for anyone using a computer and definitely for Internet entrepreneurs, so Google's money is well-spent -- even if it also helps its competitors.
Next on Lee's research agenda on Google's dime: Facebook.