Threat Management

Ridding Twitter of spam bots won’t be as easy as Musk thinks

The claim that Musk disabled the Ukrainian military’s access to Starlink emerged in an upcoming book by journalist Walter Isaacson and first reported by CNN, which obtained an except detailing the episode. (Photo Illustration by Scott Olson/Getty Images)

About a week ago Elon Musk tweeted that his $44 billion bid for Twitter was “temporarily on hold,” saying that more due diligence was needed regarding Twitter’s claim that fake and spam accounts represent less than 5% of its users. 

The elimination of spam bots has become one of the main themes of Musk’s new plan. Calling himself a free speech absolutist, Musk tweeted “…we will defeat the spam bots or die trying!” Musk also said that he wants Twitter to authenticate “all real humans” on the platform.

Musk’s apparent deal to buy Twitter has put bots and their role in the spreading of misinformation back in the limelight. Anyone who uses social media, and especially Twitter, has likely fallen victim to “spam bots" and their use of automation to flood online feeds with inappropriate and misinformed content. Bad actors love spam bots because they offer the most efficient and effective way to spread malicious disinformation campaigns at scale.

Bots are not a new problem. Users have complained for years about malicious bots, misinformation, and fake accounts on nearly all social platforms. Yet, the bot ecosystem has evolved more in the past two years than in the past decade. The past couple of years in particular have seen an even larger surge of automated bot accounts used for malicious purposes – such as amplifying specific political messages and squelching opposing views through massive retweeting.

While Elon Musk has an ambitious goal of removing all spam bots from Twitter, accomplishing it will not be easy. Twitter, with some of the most brilliant minds in the security industry, has been working on this issue for years. Twitter already has strong rules on banning fake accounts that promote spambots and that violate its policies. Yet, like other social media platforms, it can’t keep up with the bot operators as they rapidly evolve and find new ways to mimic human behavior.

Today, it’s even harder to tell a good bot apart from a bad bot. Bots can easily bypass security systems and act just like humans by using highly-customized open-source automation tools. They continue to find ingenious ways to work around each new wave of defenses that are implemented.

It’s time for the security industry to make a greater effort to help organizations and social media platforms identify and protect their online business against bots. Instead of using outdated technology that makes businesses believe they are stopping bots instead of actually stopping them, online businesses need to embrace new approaches to solving the problem.

Modern security technology approaches exist today that adapt as fast as the attackers working against them while frustrating and striking back – without depending on their customers to validate that they are indeed human. The security industry needs to focus on detecting malicious automation without any reliance on outdated rule-based static defenses and the use of ineffective CAPTCHAs that are easy to bypass and add friction to the user experience. Preventing bots needs to become part of the base-level requirements for operating an online business to ensure integrity.

Until then, spam bots will remain pervasive because a motivated bot ecosystem will continue to find new ways to evade detection by retooling and reverse engineering traditional rule-based anti-bot systems that are reactive in blocking automated threats. We need to stop automation from generating fake accounts from the onset before they can damage systems.

It boils down to this: humans are the primary issue with Twitter. The bots only enable the humans to misuse and amplify social and political agendas. Misinformation, disinformation, and propaganda now reach a level of influence that was never before possible. Social media and spam bots have unfortunately created a perfect storm where the extreme and the most aggressive can have the loudest and most amplified point of view.

Musk’s vision of eliminating spam bots and taking steps toward authentication could quite possibly start to make progress toward a better and more healthy social media environment for all. However, staying ahead of an intelligent, collaborative, and motivated bot supply chain may not be as easy as Musk thinks.

Sam Crowther, founder and CEO, Kasada

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.