Sorry I was hacked - A Classification of Compromised Twitter Accounts


Published on

Online social networks like Facebook or Twitter have be- come powerful information diffusion platforms as they have attracted hundreds of millions of users. The possibility of reaching millions of users within these networks not only at- tracted standard users, but also cyber-criminals who abuse the networks by spreading spam. This is accomplished by ei- ther creating fake accounts, bots, cyborgs or by hacking and compromising accounts. Compromised accounts are subse- quently used to spread spam in the name of their legitimate owner. This work sets out to investigate how Twitter users react to having their account hacked and how they deal with compromised accounts. We crawled a data set of tweets in which users state that their account was hacked and subsequently performed a su- pervised classification of these tweets based on the reaction and behavior of the respective user. We find that 27.30% of the analyzed Twitter users change to a new account once their account was hacked. 50.91% of all users either state that they were hacked or apologize for any unsolicited tweets or direct messages.

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Sorry I was hacked - A Classification of Compromised Twitter Accounts

  1. 1. Seite 1 1 The University of Innsbruck was founded in 1669 and is one of Austria’s oldest universities. Today, with over 28.000 students and 4.000 staff, it is western Austria’s largest institution of higher education and research. For further information visit: "Sorry, I was Hacked" A Classification of Compromised Twitter Accounts Eva Zangerle, Günther Specht
  2. 2. Seite 2 2 Motivation • Twitter • 400 mio. tweets per day • 200 mio. monthly active users • Huge crowd also attracts criminals • 355% inrease in spam on social media platforms in first half of 2013 [Nexgate] • Higher click through rates [Grier et al. 2010] • 0,003% of all promotional URLs within emails are clicked • 0,13% of all promotional URLs within tweets are clicked • Spread spam messages containing URLs of affiliate websites • 8% of all URLs posted lead to scam, malware or phishing sites [Grier et al. 2010] • 77% of all spam messages detected within one day [Grier et al. 2010]
  3. 3. Seite 3 3 Motivation • 4 main approaches for spreading spam on Twitter: • Set up (or buy) fake acount • Set up a bot • Set up a cyborg • Compromising of accounts • Reach of messages • Send direct messages, tweets in name of legitimate account owner • Exploit trust relationship between users Account Compromising Detection, Announcement of Compromising Normal Behavior Abnormal Behavior Normal Behavior
  4. 4. Seite 4 4 Goals and Research Questions • Shift the user back into focus! • How do Twitter users react after having recognized that their account was compromised? • Which actions do these users take after having been hacked? • Analysis of tweets announcing that account was compromised “If I sent you spams via DM, I’m really sorry – my account got hacked." • Analysis via Support Vector Machine classification
  5. 5. Seite 5 5 Data Set • Twitter API (Spritzer) • December 1st 2012 – July 30th 2013 • Tweets containing ("compromised" or "hacked") and "account"
  6. 6. Seite 6 6 Data Set
  7. 7. Seite 7 7 Classification Methodology • Workflow • Data cleaning • Remove non-English tweets • RT and direct messages remain • Filtering • Test and training data set created manually (5,000 tweets) • Classification via SVM • Grid search for tuning • Evaluation via 5-fold cross-validation: overall accuracy of 78.25% Data Cleaning Detection of Classes Filter Classif- ication Result
  8. 8. Seite 8 8 Categories 1. Hacked Account "Ooh looks like I've been hacked! That explains the inability to get into my account! Will be putting that right" 2. Sorry for Tweets "My Account was hacked pls ignore all the tweets I sent today. I apologize for the inconvenience" 3. Sorry for Direct Messages "If I sent you spams via DM, I'm really sorry - my account got hacked" 4. New Account "Hey guys, go follow my new account because this one is hacked and is sending out spam" 5. New Password "Very sorry everyone. My account was hacked. password changed, hopefully that does the trick" 6. Hacked by Relative / Friend "my brother hacked my account, sorry"
  9. 9. Seite 9 9 Results
  10. 10. Seite 10 10 Discussion • Twitter help pages available: • Change password • Revoke connection to third-party applications • Update password in trusted third-party applications • Guidelines for safe tweeting also available • Still: 27% of users create new account • Effort to redirect followers to new account • 21,000 ask particular users to follow back • Leave account neglected • Users are not informed properly • Users do not seek help in case of account compromising • 1.105 tweets sent to @support
  11. 11. Seite 11 11 Conclusion • Analysis of compromised user accounts on Twitter • "How do users react after their account has been compromised?" • SVM classification • 27% change to new account • 28% apologize for unsolicited tweets or direct messages • 23% state that account was hacked • User not informed properly or does not seek help
  12. 12. Seite 12 12 Questions? Contact and Social Media @eva_zangerle @dbisibk