The presentation discusses the investigation of bulk reseller panels that sell fake likes and follows on social media platforms. It also highlights the use of automation software to bypass restrictions on evaluation versions of software.
- Investigation of bulk reseller panels that sell fake likes and follows on social media platforms
- Use of automation software to bypass restrictions on evaluation versions of software
- Discovery of reseller panels being hosted on the same IP address
- Introduction of a new actor in the ecosystem called "panel as a service"
- Importance of focusing on content rather than the number of followers
The presenter found that 66% of the sample of reseller panels investigated were being hosted on the same IP address, which was also hosting over a thousand other websites related to the reselling of fake likes and follows. The investigation also uncovered a new actor in the ecosystem called "panel as a service", which provides a platform for individuals to engage in bulk reselling of fake likes and follows without technical knowledge. The presentation emphasizes the importance of focusing on content rather than the number of followers, as fake accounts are being flagged and users are losing their followers.
This talk is the grand finale of a four-year-long investigation that started with analyzing an IoT botnet and led to discovering the structured industry that exists behind social media manipulation (SMM). SMM is the deliberate act of paying for popularity with followers or activity on social media.
Adopting a bottom-up approach, the talk presents the thorough methodology undertaken to study the botnet: from building honeypots and infecting them with malware to conducting a man-in-the-middle attack on the honeypots' traffic to access the decrypted HTTPS content between the C&Cs and social networks. It then presents the various investigative paths taken to analyze this large data set, which led to the discovery of industry actors involved in the supply chain of social media manipulation. These investigative paths include traffic analysis, various OSINT approaches to reveal and understand actors, reverse-engineering the software that automates the use and creation of fake accounts, forum investigations, and qualitative profiling. All actors involved in the industry will be mapped, from malware authors to reseller panels and customers of fake popularity.
The potential profitability of the industry will then be discussed, as well as the revenue division in the chain, demonstrating that the ones making the highest revenue per fake follower sold are not the malware authors, but rather those at the end of the chain.