Twitter and Pastebin take action against spammers and rogue posters

Opinion by Dan Raywood

In the last week there have been two instances of websites taking miscreants to court for apparent abuse of their services.

In the last week there have been two instances of websites taking miscreants to court for apparent abuse of their services.

The most recent was Twitter's announcement that it has "filed a suit in a federal court in San Francisco against five of the most aggressive tool providers and spammers". The micro-blogging site has had a huge problem with spam – it said its engineers "continue to combat spammers' efforts to circumvent our safeguards" – and its latest weapon is the law.

A blog posted last week said: “One challenge in battling spam is bad actors who build tools designed to distribute spam on Twitter (and the web) by making it easier for other spammers to engage in this annoying and potentially malicious activity.

“With this suit, we're going straight to the source. By shutting down tool providers, we will prevent other spammers from having these services at their disposal. Further, we hope the suit acts as a deterrent to other spammers, demonstrating the strength of our commitment to keep them off Twitter.”

Calling the move "an important step forward", it said its engineering team is continuing to implement robust technical solutions that will help it proactively reduce spam, following on from scans within its link shortener as well as relying on users to report spammers.

The civil action is against defendants who are accused of distributing software tools "designed to facilitate abuse of the Twitter platform, [are] marketed to dupe consumers into violating Twitter's user agreements, or operate large numbers of automated Twitter accounts through which they attempt to trick Twitter users into clicking on links to illegitimate websites".

According to Paul Ducklin, Sophos's head of technology for Asia Pacific, one of the most prevalent tools is TweetAttacks, which was described by MoneyMakerGroup as "the ultimate Twitter auto follower, auto unfollower, tweet scraper, reply generator, auto retweeter, tweet spinner and tweet scheduler". Other sites explicitly mentioned in the lawsuit are TweetAdder and TweetBuddy.

Also last week, Pastebin announced plans to hire more staff to better police what was being posted to the site. With the website used by hacktivists for mission statements and data dumps, Pastebin currently relies on an abuse report system to alert it to material that might need to be removed, and asks its members not to post password lists, source code or personal information.

Talking to BBC News, Pastebin owner Jeroen Vader said he received an average of 1,200 abuse reports a day, and while it did not allow people to post email lists and other personal information that does not belong to them, trying to automatically filter out such pastes would be near impossible.

The announcement was not met with approval from Anonymous, who said "all aboard the censor ship" as a response.

Fortinet's Stefanie Hoffman said: “Pastebin may be cracking the whip on hackers who use the site for public data dumps. Over the years, Pastebin has become the publication tool of choice for global hacker collectives looking to publicly expose classified or otherwise sensitive information they acquire from various targeted organisations.

“Subsequently, the site has served as the dumping ground for illicitly swiped information from the FBI, the CIA, NATO, Sony, police agencies and various state and national governments, among other high-profile organisations.

“Currently, the site relies on an abuse report system that flags classified or illegal material that violates the site's terms and conditions, requiring that users refrain from posting passwords, stolen source code or other personal information. Pastebin states that anyone who fails to comply could have their IP address banned from the website and their information turned over to authorities.”

These moves are a huge step forward for the two sites. For Twitter, spam is a major problem which, it appears, is hard to iron out. Research by Barracuda Networks revealed how divulged the social network is, while any mention of popular keywords such as ‘Apple' and ‘iPad' will draw in automated spammers, often with a picture of a scantily clad woman claiming to be the person behind the account.

As for Pastebin, resources are always a challenge for any business; it has become the resource du jour for hacktivists to dump their treasure and spread their message, and its owners do not want to be associated with this. Ask any popular message-board monitor about the challenge of keeping up to date with posts, and then consider what Vader is up against.

The hiring of more people to deal with the issue is probably the best course for now, but surely automated monitoring and detection software could deal with the problem? Twitter's actions are also excellent, but I get the feeling that if "five of the most aggressive tool providers and spammers" go away, others will replace them.

Topics:

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events