This talk is the ‘grand finale’ of a four-year long investigation that started with analyzing an IoT botnet, to discovering the structured industry that exists behind social media manipulation (SMM). SMM is the deliberate act of paying for popularity with followers or activity on social media.
Adopting a bottom-up approach, the thorough methodology undertaken to study the botnet will be presented: from building honeypots, infecting them with malware and conducting a man-in-the-middle-attack on the honeypots’ traffic to access the decrypted HTTPS content between the C&Cs and social networks. Then, the various investigative paths taken to analyze this large data set, leading to the discovery of many industry actors involved in the supply chain of social media manipulation, will be presented. These investigative paths include traffic analysis, various OSINT approaches to reveal and understand actors, reverse-engineering the software that automates the use and creation of fake accounts, forum investigations, and qualitative profiling. All actors involved in the industry will be mapped, from malware authors, to reseller panels, and customers of fake popularity.
The potential profitability of the industry will then be discussed, as well as the revenue division in the supply chain, demonstrating that the ones making the highest revenue per fake follower sold are not the malware authors, but rather those at the end of the chain. Different approaches to disrupt social media manipulation will also be discussed, giving practical insights for cybersecurity professionals, law enforcement agencies, and policy makers willing to curb this illicit industry.