Twitter accidentally verified at least six accounts that were likely part of a spam botnet, according to a researcher of disinformation and a new report from the Daily Dot. The accounts allegedly used fake photos created by software similar to This Person Does Not Exist as well as one photo of a cat that most likely does exist.
Twitter user Conspirador Norteño first identified the fake accounts, which had all been started less than a month ago on June 16. Norteño identified the six verified accounts as belonging to a malicious group of over a 1,000 accounts, though it’s not clear who’s behind the fake Twitter army.
“These 976 accounts are part of an astroturf botnet consisting of (at least) 1212 accounts,” Norteño tweeted on Monday.
Three of the accounts used drawings of women, two used photos of women, and one used a photo of a cat. The bio of the cat read, “Anlamislar official twitter account,” and the account had just 1,039 Twitter followers, according to a screenshot from Norteño. All six of the accounts have been taken down.
The cat photo appears on several Pinterest boards for cute cat wallpapers, and blog posts like “21 Pictures of Cats Looking Cute in Cups,” but it’s not clear who originally photographed the kitty.
“We mistakenly approved the verification applications of a small number of inauthentic (fake) accounts. We have now permanently suspended the accounts in question, and removed their verified badge, under our platform manipulation and spam policy,” a Twitter spokesperson told Gizmodo over email early Tuesday.
The social media company did not elaborate on who might be behind the accounts, though the accounts were reportedly sending out Korean-language spam.
This botnet uses multiple varieties of GAN-generated profile pics. (GAN = “generative adversarial network”, the AI technique used by https://t.co/AxF5723Pje.)
• 160 fake human faces (all female)
• 169 fake cats
• 183 anime pics pic.twitter.com/VYJDitjGxM— Conspirador Norteño (@conspirator0) July 12, 2021
How could so many fake accounts get verified? You guess is as good as ours, but the Daily Dot speculates there could have been someone working on the inside. Remember when Twitter briefly deleted President Donald Trump’s account in November 2017, long before his permanent ban? That was the result of an employee who couldn’t take anymore of Trump’s bullshit and suspended Trump on his last day like a hero.
In this case, there’s a chance someone inside Twitter verified these accounts for a reason. But at this point, that’s just a wild guess. The other option? Twitter’s criteria for verification are just bullshit and they’re throwing darts at a dartboard.