research-article

Understanding compromised accounts on Twitter

Authors:

Courtland VanDam,

Pang-Ning TanAuthors Info & Claims

WI '17: Proceedings of the International Conference on Web Intelligence

Pages 737 - 744

https://doi.org/10.1145/3106426.3106543

Published: 23 August 2017 Publication History

Abstract

Social media has become a valuable tool for hackers to disseminate misinformation through compromised accounts. A compromised account is an account accessed by a third party without the user's knowledge. Previous studies have found 13% of online adults experienced their social media accounts compromised. Since compromised accounts can have a significant adverse impact on the social media sites, this has led to the growing research on detecting compromised accounts. However, previous works are limited as they either focus on the detection of hacked accounts for spamming and phishing activities or utilize only twitter content information. In this paper, we performed a systematic study on compromised accounts in Twitter by identifying who compromise the accounts; what information they share, and what patterns their tweets present. Our findings suggest that the accounts can be compromised by two different types of hackers and the content they post tend to follow several common themes. We also showed that, in addition to the text content of the tweets, there are other meta-information that can be exploited to help improve the detection of compromised accounts.

References

[1]

Applied Logistic Regression Analysis.

[2]

Tripwire Guest Authors. 2015. What Happens to Hacked Social Media Accounts. Tripwire (2015). https://www.tripwire.com/state-of-security/security-awareness/what-happens-to-hacked-social-media-accounts/.

[3]

Fabrício Benevenuto, Gabriel Magno, Tiago Rodrigues, and Virgílio Almeida. 2010. Detecting spammers on twitter. In In Collaboration, Electronic messaging, Anti-Abuse and Spam Conference (CEAS.

[4]

Qiang Cao, Xiaowei Yang, Jieqi Yu, and Christopher Palow. 2014. Uncovering Large Groups of Active Malicious Accounts in Online Social Networks. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS '14). ACM, New York, NY, USA, 477--488.

Digital Library

[5]

Twitter Help Center. 2014. My account has been compromised. (2014). https://support.twitter.com/articles/31796-my-account-has-been-compromised.

[6]

Zi Chu, Indra Widjaja, and Haining Wang. 2012. Detecting Social Spam Campaigns on Twitter. In Proceedings of the 10th International Conference on Applied Cryptography and Network Security (ACNS'12). Springer-Verlag, Berlin, Heidelberg, 455--472.

Digital Library

[7]

Anthony Cuthbertson. 2016. Hackers Hijack ISIS Twitter Accounts With Gay Porn After Orlando Attack. Newsweek (2016).

[8]

Manuel Egele, Gianluca Stringhini, Christopher Kruegel, and Giovanni Vigna. 2013. COMPA: Detecting Compromised Accounts on Social Networks. In ISOC Network and Distributed System Security Symposium (NDSS).

[9]

Fréderic Godin, Viktor Slavkovikj, Wesley De Neve, Benjamin Schrauwen, and Rik Van de Walle. 2013. Using Topic Models for Twitter Hashtag Recommendation. In Proceedings of the 22Nd International Conference on World Wide Web (WWW '13 Companion). 593--596.

Digital Library

[10]

Chris Grier, Kurt Thomas, Vern Paxson, and Michael Zhang. 2010. @spam: the underground on 140 characters or less. In Proceedings of the 17th ACM conference on Computer and communications security (CCS '10). ACM, 27--37.

Digital Library

[11]

Xia Hu, Jiliang Tang, Huiji Gao, and Huan Liu. 2014. Social Spammer Detection with Sentiment Information. In Proceedings of the 2014 IEEE International Conference on Data Mining (ICDM '14). 180--189.

Digital Library

[12]

Rodrigo Augusto Igawa, Alex Marino Goncalves de Almeida, Bruno Bogaz Zarpelao, and Sylvio Barbon, Jr. 2015. Recognition of Compromised Accounts on Twitter. In Proceedings of the Annual Conference on Brazilian Symposium on Information Systems: Information Systems: A Computer Socio-Technical Perspective - Volume 1 (SBSI 2015). Brazilian Computer Society, Porto Alegre, Brazil, Brazil, Article 2, 6 pages. http://dl.acm.org/citation.cfm?id=2814058.2814061

Digital Library

[13]

Gary G. Koch J. Richard Landis. 1977. The Measurement of Observer Agreement for Categorical Data. Biometrics 33, 1 (1977), 159--174.

[14]

Zongyang Ma, Aixin Sun, and Gao Cong. 2012. Will This #Hashtag Be Popular Tomorrow?. In Proceedings of the 35th International ACM SIGIR Conference on Research and Development in Information Retrieval (SIGIR '12). 1173--1174.

Digital Library

[15]

David Mack. 2014. New York Gay Bar Claims It Was Hacked After Angry Tweets To Bill De Blasio And Al Sharpton. BuzzFeed News (2014).

[16]

Jennifer Marshall. 2016. Nearly Two-Thirds of U.S. Adults with Social Media Accounts Say They Have Been Hacked. Technical Report.

[17]

Scott Menard. 2011. Standards for Standardized Logistic Regression Coefficients. Social Forces 89, 4 (2011), 1409--1428.

[18]

Kenneth Olmstead and Aaron Smith. 2017. Americans and Cybersecurity. Technical Report. Pew Research CCenter.

[19]

The Associated Press. 2016. U.S. indicts 3 it ties to Syrian Electronic Army for hacking. AP in the News (2016).

[20]

Richard Shay, Iulia Ion, Robert W. Reeder, and Sunny Consolvo. 2014. "My Religious Aunt Asked Why I Was Trying to Sell Her Viagra": Experiences with Account Hijacking. In Proceedings of the 32nd Annual ACM Conference on Human Factors in Computing Systems (CHI '14). ACM, New York, NY, USA, 2657--2666.

Digital Library

[21]

Ge Song, Yunming Ye, Xiaolin Du, Xiaohui Huang, and Shifu Bie. 2014. Short Text Classification: A Survey. Journal of Multimedia 9, 5 (2014), 635--643.

[22]

Gianluca Stringhini, Christopher Kruegel, and Giovanni Vigna. 2010. Detecting Spammers on Social Networks. In Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC '10). ACM, New York, NY, USA, 1--9.

Digital Library

[23]

Mike Thelwall, Kevan Buckley, Georgios Paltoglou, Di Cai, and Arvid Kappas. 2010. Sentiment in Short Strength Detection Informal Text. J. Am. Soc. Inf. Sci. Technol. 61, 12 (Dec. 2010), 2544--2558.

Digital Library

[24]

Kurt Thomas, Chris Grier, Dawn Song, and Vern Paxson. 2011. Suspended Accounts in Retrospect: An Analysis of Twitter Spam. In Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference (IMC '11).

Digital Library

[25]

Kurt Thomas, Frank Li, Chris Grier, and Vern Paxson. 2014. Consequences of Connectivity: Characterizing Account Hijacking on Twitter. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS '14). ACM, New York, NY, USA, 489--500.

Digital Library

[26]

Oren Tsur and Ari Rappoport. 2012. What's in a Hashtag?: Content Based Prediction of the Spread of Ideas in Microblogging Communities. In Proceedings of the Fifth ACM International Conference on Web Search and Data Mining (WSDM '12). 643--652.

Digital Library

[27]

Anthony J. Viera and Joanne M. Garrett. 2005. Understanding interobserver agreement: The kappa statistic. Family Medicine 37, 5 (5 2005), 360--363.

[28]

Beidou Wang, Can Wang, Jiajun Bu, Chun Chen, Wei Vivian Zhang, Deng Cai, and Xiaofei He. 2013. Whom to Mention: Expand the Diffusion of Tweets by @ Recommendation on Micro-blogging Systems. In Proceedings of the 22Nd International Conference on World Wide Web (WWW '13). 1331--1340.

Digital Library

[29]

Chao Yang, Robert Harkreader, Jialong Zhang, Seungwon Shin, and Guofei Gu. 2012. Analyzing Spammers' Social Networks for Fun and Profit: A Case Study of Cyber Criminal Ecosystem on Twitter. In Proceedings of the 21st International Conference on World Wide Web (WWW '12).

Digital Library

[30]

Eva Zangerle and Günther Specht. 2014. "Sorry, I Was Hacked": A Classification of Compromised Twitter Accounts. In Proceedings of the 29th Annual ACM Symposium on Applied Computing (SAC '14). ACM, New York, NY, USA, 587--593.

Digital Library

Cited By

O. AA.A. O(2024)The Effect of Data Compromises on Internet Users: A Review on Financial Implication of the Elderly in the United StatesAfrican Journal of Social Sciences and Humanities Research10.52589/AJSSHR-OKHMXSPY7:1(28-37)Online publication date: 7-Jan-2024
https://doi.org/10.52589/AJSSHR-OKHMXSPY
Kunling HFenghua LWang JZhang HZhao Y(2024)AB-TCAD: An Access Behavior-Based Two-Stage Compromised Account Detection Framework2024 IFIP Networking Conference (IFIP Networking)10.23919/IFIPNetworking62109.2024.10619828(104-112)Online publication date: 3-Jun-2024
https://doi.org/10.23919/IFIPNetworking62109.2024.10619828
Lee JChoi HYoon JKim S(2023)An Empirical Analysis of Incorrect Account Remediation in the Case of Broken AuthenticationIEEE Access10.1109/ACCESS.2023.334341111(141610-141627)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3343411
Show More Cited By

Index Terms

Understanding compromised accounts on Twitter
1. Information systems
  1. Information systems applications
    1. Data mining
  2. World Wide Web
    1. Web applications
      1. Social networks

Recommendations

On the Analysis of Twitter Spam Accounts in Saudi Arabia

Twitter spam accounts try to spread malicious content, deceive or advertise certain thoughts over Twitter network. Different approaches have been presented both in industry and academia to identify spammers on Twitter. This study aims at understanding ...
Classification of Twitter Accounts into Targeting Accounts and Non-Targeting Accounts
HT '16: Proceedings of the 27th ACM Conference on Hypertext and Social Media

In this paper, we propose a method for classifying Twitter accounts into non-targeting accounts, which post messages to the general public, and targeting accounts, which post messages to specific people. For example, an account posting general news ...
UbCadet: detection of compromised accounts in twitter based on user behavioural profiling
Abstract
Online Social Networks(OSNs) are generally at the risk of many potential dangers. Malicious attackers use compromised OSN accounts to spread fake news, to send spam messages and to promote malicious applications which in turn lead to substantial ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

WI '17: Proceedings of the International Conference on Web Intelligence

August 2017

1284 pages

ISBN:9781450349512

DOI:10.1145/3106426

Conference Chair:
Amit Sheth
Wright State University GuoROLE@GENERAL CHAIR
,
General Chairs:
Axel Ngonga
Leipzig University, Germany
,
yin Wang
Chongqing University of Posts and Telecommunications, China
,
Elizabeth Chang
The University of New South Wales, Australia
,
Dominik Ślęzak
Infobright Inc. & University of Warsaw, Poland
,
Bogdan Franczyk
Leipzig University, Germany
,
Program Chairs:
Rainer Alt
Leipzig University, Germany
,
Xiaohui Tao
University of Southern Queensland, Australia

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGAI: ACM Special Interest Group on Artificial Intelligence
TCII: IEEE Computer Society Technical Committee on Intelligent Informatics
Web Intelligence Consortium

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 23 August 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Conference

WI '17

Sponsor:

SIGAI
TCII

WI '17: International Conference on Web Intelligence 2017

August 23 - 26, 2017

Leipzig, Germany

Acceptance Rates

WI '17 Paper Acceptance Rate 118 of 178 submissions, 66%;

Overall Acceptance Rate 118 of 178 submissions, 66%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

14
Total Citations
View Citations
367
Total Downloads

Downloads (Last 12 months)18
Downloads (Last 6 weeks)0

Reflects downloads up to 28 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

O. AA.A. O(2024)The Effect of Data Compromises on Internet Users: A Review on Financial Implication of the Elderly in the United StatesAfrican Journal of Social Sciences and Humanities Research10.52589/AJSSHR-OKHMXSPY7:1(28-37)Online publication date: 7-Jan-2024
https://doi.org/10.52589/AJSSHR-OKHMXSPY
Kunling HFenghua LWang JZhang HZhao Y(2024)AB-TCAD: An Access Behavior-Based Two-Stage Compromised Account Detection Framework2024 IFIP Networking Conference (IFIP Networking)10.23919/IFIPNetworking62109.2024.10619828(104-112)Online publication date: 3-Jun-2024
https://doi.org/10.23919/IFIPNetworking62109.2024.10619828
Lee JChoi HYoon JKim S(2023)An Empirical Analysis of Incorrect Account Remediation in the Case of Broken AuthenticationIEEE Access10.1109/ACCESS.2023.334341111(141610-141627)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3343411
Neil LBouma-Sims ELafontaine EAcar YReaves BChiasson S(2021)Investigating web service account remediation adviceProceedings of the Seventeenth USENIX Conference on Usable Privacy and Security10.5555/3563572.3563591(359-376)Online publication date: 9-Aug-2021
https://dl.acm.org/doi/10.5555/3563572.3563591
Moh MYen SMoh T(2021)Detecting Compromised Social Network Accounts Using Deep Learning for Behavior and Text AnalysesInternational Journal of Cloud Applications and Computing10.4018/IJCAC.202104010611:2(1-13)Online publication date: 1-Apr-2021
https://dl.acm.org/doi/10.4018/IJCAC.2021040106
Coates A(2021)Academic journals' usernames and the threat of fraudulent accounts on social mediaLearned Publishing10.1002/leap.143035:2(140-148)Online publication date: 3-Dec-2021
https://doi.org/10.1002/leap.1430
Wang CZhu H(2020)Representing Fine-Grained Co-Occurrences for Behavior-Based Fraud Detection in Online Payment ServicesIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2020.2991872(1-1)Online publication date: 2020
https://doi.org/10.1109/TDSC.2020.2991872
Seyler DLi LZhai CAlhajj R(2020)Semantic text analysis for detection of compromised accounts on social networksProceedings of the 12th IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining10.1109/ASONAM49781.2020.9381432(417-424)Online publication date: 7-Dec-2020
https://dl.acm.org/doi/10.1109/ASONAM49781.2020.9381432
PV SBhanu S(2020)UbCadet: detection of compromised accounts in twitter based on user behavioural profilingMultimedia Tools and Applications10.1007/s11042-020-08721-zOnline publication date: 21-Mar-2020
https://doi.org/10.1007/s11042-020-08721-z
Eisa RLabib MElMougy A(2019)SOS: Save Our Social Network Accounts2019 IEEE 17th World Symposium on Applied Machine Intelligence and Informatics (SAMI)10.1109/SAMI.2019.8782731(43-48)Online publication date: Jan-2019
https://doi.org/10.1109/SAMI.2019.8782731
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten