Thank you Herkimer Elementary for a Twitter spam case study

As my Twitter followers and other friends will know, I actively campaign against balloon releases — they litter, and harm wildlife.

This post isn’t about that, but about something odd which I discovered while doing so.

Each day, I search Twitter for people who are planning a balloon release, and politely ask them not to do it. A sufficient number to make this worthwhile, oblige.

About a year or so ago, give or take, I saw a tweet, the URL of which I have long since lost track of, saying:

Thank you Herkimer Elementary for a beautiful balloon release. Headed to Slavic Pentacostal Church.

(Both venues are in Herkimer, New York, USA, if you wondered.)

But then a while later, I saw exactly the same text tweeted by someone else. Then again by another account, a few days later, then again. This went on, week after week. Gradually, the frequency increased, and now at any time there are hundreds of recent tweets with that text:

You can try the ‘Herkimer Elementary beautiful balloon release’ search yourself.

If we examine one of the accounts tweeting that, say @janinemccormi (picked at random), we can see he’s tweeted other things:

(Interestingly, a Google image search shows that @janinemccormi’s avatar is shared with @sanevekaxu7, whose account is suspended.)

Those messages have each been tweeted by lots of other people:

(‘ASOS Topshop killlllllllling meee’ search).

and again:

(‘preciso sair e passar nos outros fcs ‘-‘ beeijos.’ search).

And so it goes on: hundreds of identical tweets, from accounts making hundreds of other duplicate tweets. You’ll be able to find plenty more examples.

Now, at the risk of casting aspersions on innocent bystanders, I think it’s safe to assume that those are not genuine accounts (or if they are, they’re compromised).

If I were Twitter, I’d be looking into this and suspending some accounts. A lot of accounts.

9 thoughts on “Thank you Herkimer Elementary for a Twitter spam case study

  1. Hanan Cohen

    What do you assume they want to gain? It’s haven’t seen any link in those accounts.

    Maybe those are the Twitter equivalent of the Number Stations?

    1. Philip John

      I see this all the time on my searches.

      Simply, it’s a way for spammers to make their spammy accounts look real. By copying the content of other tweets and adding that to a database of tweets from which their spambots can randomly select, they make themselves appear completely legitimate.

      The tweets have been written out by a real human being so in isolation they can’t be separated from auto-generated foobar, making algorithmic detection very difficult.

      You might think that they could pick up many accounts tweeting the same thing. In fact, Twitter already stops you from tweeting the same thing again within a short timeframe. However, with an estimated 5,000+ tweets sent every *second* picking out the minute fraction of those that are the same is going to be very difficult. Not only that but as the tweets Andy has found show, these can be spread over several minutes or days. I’ve seen one particular tweet repeated occasionally over several months.

      Sometimes, if I need a break from real work, I might sit there and report a bunch of them, but that’s about as useful as pissing into the wind in reality.

        1. Philip John

          Funny you say that 😉 I did once have an idea for a sort of crowd sources spam reporting thing whereby reporting a spam user would flash it up to other users to do the same, multiplying the effect of each report.

          It never went anywhere because, clearly, Twitter would destroy such a tool in no time.

  2. Foomandoonian

    I’ve seen this before, plenty of times. It’s more than just common practice, it’s an epidemic. Twitter must be aware of the problem.

    I suspect they see it as a low priority because if I you and I can read the behaviour patterns, they must also be able to, and so far they’ve done nothing (besides introduce that futile ‘report for spam’ button).

  3. Mark Norman Francis

    One that I’ve been affected by recently is a set of accounts re-posting a comment from someone that was an @-reply to me. I mark all as spam, but for reference I’ve left this example alone. I’ve had about twenty so far, averaging one every couple of days.


Leave a Reply

Your email address will not be published. Required fields are marked *

e.g. 0000-0002-7299-680X