Replicating Spearphishing Methods in Scholarly Research

The next speaker in this iCS Symposium is Michael Bossetta, who focusses on the specific problems of spearphishing, disinformation, and bot activity on social media platforms. Could these problems be investigated by researchers conducting a controlled, simulated cyberattack themselves?

Michael pursued this especially for the context of Twitter, which seems most conducive to such research. This drew on the Python software SNAP_R, which captures the recent tweets from a defined list of accounts and uses Markov models to generate new messages to these users that to speak to their apparent interests. Michael created a new Twitter account to post these tweets, yet this was frequently flagged as a bot, too.

The project targetted politically expressive, partisan users during the U.S. midterm election campaign, segmented by partisan affiliation (as measured by retweets). The initial 46,000 users were segmented by the number of followers, and filtered by accounts that had tweeted #MAGA or #bluewave. Of these, four batches of ten users for each ideology were finally selected.

The new account was then used to @mention them in Markov model-generated messages tailored to their interests, containing a link to what in the end turned out to be a University of Copenhagen research survey consent form. Of the first batch of Republican supporters, four out of ten users filled out the survey – but none of the subsequent batches did; ten users in total (seven Republicans, three Democrats) clicked on the survey link, however.