Former CIA and FBI security specialist says more than 80 per cent of Twitter accounts are ‘bots’

Dan Woods bought more than 100,000 fake followers on the dark web, and says both Elon Musk and Twitter have underestimated the company’s bot problem.

David Swan

3 min read

1:45PMAugust 31, 2022.

Updated 3:04PMAugust 31, 2022

The Australian Business Network

Twitter’s former security chief hits out at platform over security concerns

More than 80 per cent of Twitter accounts are likely bots, according to former CIA and FBI cyber security specialist Dan Woods, who created a fake profile and quickly gained more than 100,000 fake followers in one weekend by purchasing them on the dark web.

Mr Woods, who studies bot traffic as part of his current role with global cyber security provider F5, told The Australian that Twitter’s bot traffic was almost certainly far greater than it has expressed publicly and greater than it believes internally.

Twitter is currently embroiled in legal action with tech billionaire Elon Musk about the number of bots on its platform.

Mr Musk’s lawyers have subpoenaed Twitter whistleblower Peiter “Mudge” Zatko, the company’s former security chief, who has accused Twitter of negligent security procedures and that it knowingly downplayed the level of bot activity on its platform, which Mr Musk has cited as a key reason for backing out of a deal to buy the company for $US44bn.

Twitter chief executive Parag Agrawal said in a Twitter thread that bots make up less than 5 per cent its “monetisable daily active users”, while Mr Musk has said that number is false and the company “failed or refused to provide” further information about spam bots on its platform.

F5 head of global intelligence Dan Woods.

In an interview, Mr Woods said he recently created a fake Twitter account to learn more about how the company handles bots.

He spent less than $1000 on the dark web to third parties and quickly gained more than 100,000 Twitter followers – all of which were fake.

“I’m not a programmer, but I watched YouTube and in a weekend I wrote a script that automatically creates accounts on Twitter without encountering any obstacles,” he said.

“There’s huge demand (for bots), there’s a marketplace to serve that demand and if I can write a bot that creates accounts on Twitter, and I’m not even a programmer, imagine what a sophisticated programmer could do.

“Twitter doesn’t want (its number of bots) to be that high, so they’re going through the motions of cancelling some accounts.

“I’m not saying they’re lying, but we’ve really studied these accounts and we’ve come to the conclusion that there are a lot more fake accounts than Twitter is letting on.”

Mr Woods added that allowing bots to proliferate anywhere, be that Twitter or other platforms, can lead to massive fraud that costs billions of dollars – and also provides tools for nations and bad actors to spread misinformation and influence political processes.

Billionaire Elon Musk has pulled away from his offer to buy Twitter. Picture: AFP

A Twitter spokesman said the company typically removed more than one million spam accounts each day, and used both public and private data to determine if an account were real or not.

“Less than 5 per cent of reported quarterly monetisable daily active usage or users (mDAU) are spam accounts,” the spokesman said.

“Twitter defines mDAU as people, organisations, or other accounts who logged in or were otherwise authenticated and accessed Twitter on any given day through Twitter.com, Twitter applications that are able to show ads, or paid Twitter products, including subscription.”

Mr Woods’ career began 30 years ago as a policeman in Phoenix, Arizona, and he eventually became an FBI agent and then a CIA cyber operations officer, before his current role as F5’s global head of intelligence.

He said the biggest misconception about those government agencies was that there was a “Jason Bourne”-type officer who did everything.

“Jason Bourne does not exist inside the CIA,” he said.

“In order for a team to accomplish everything that someone like Jason Bourne does, it takes a couple dozen people.

“You have somebody who specialises in lock defeat. You have somebody who specialises in alarm defeat. You have somebody who specialises in flaps and seals, and all they do is open packages and reseal them in such a way that nobody can tell they’ve ever been opened or resealed.

“There are dozens of other roles, of people with very specialised skills. There’s not one guy that does all those things; it’s a team of two dozen people.”

He added that the best way for Australia to address its current cyber security skills gap was for businesses to stop caring about university degrees.

“Oftentimes applicants went to Stanford and have a masters in computer science, which is impressive on paper, but I was more inclined to hire somebody who doesn’t have any degree, they’re entirely self taught and learn the science because they love it, not because they’re graded on it,” he said.

“One of the questions I like to ask is ‘how many computers do you have?’, and if they say one I’m less interested. But if someone says they have nine, that’s a far better indication of passion for the trade than getting good grades at Stanford.”