Kurt Thomas presented one of our recent research papers at USENIX Security 2013 (in Washington, DC). The paper is available here, and USENIX will be putting the talk online. The other content is available from the USENIX Security site and is free.
Several news articles have been written about it, here’s a few:
As far as our work goes, this continues our line of research looking at the abuse of social networks. We have documented abuse in several forms before (CCS’10, S&P’11, IMC’11, LEET’12), but the goal with this project was to develop an understanding of how accounts are created in bulk, as well as the market for these accounts.
We set out to perform this study by buying accounts from the underground market. Once we started buying accounts, we determined that we could build a classifier to retroactively identify accounts that came from any of the merchants we had bought accounts from. This let us examine several aspects of the automation infrastructure that enables this marketplace, such as IP address diversity, captcha solving rates, and others. In all, the classifier found millions of accounts that had been created by the 27 merchants we bought from (with the top few merchants responsible for the vast majority). Twitter then suspended the accounts we identified in several large batches.