Stormtroopers
Researchers warn of Star Wars Twitter bot threat  iStock

Academics have found a massive, and hidden, swarm of over 350,000 Twitter bots themed around Star Wars that has laid dormant for roughly three years. They believe it is managed by a single person and could have "significant implications for cybersecurity".

Such bots are autonomous accounts that require no human input to function and spread. A group of these – in this case described as a "botnet" – can be used in the context of social media to spread fake information or spam, share links to malware or bolster follower lists.

In a research paper, Juan Echeverria and Shi Zhou of University College London (UCL), reveal how they uncovered a new Twitter botnet by accident. It had successfully evaded discovery since 2013 and evidence suggests it was the work of one single "botmaster."

Using Twitter statistics available for research purposes, the pair obtained a sample of one percent of all English speaking users – roughly six million - with the aim of better understanding how people on social networks were interacting and communicating.

Upon analysis, they found over 23,000 tweets with strikingly similar properties: updates being posted from inhabitable locations, messages coming solely from Windows phones, each account never having retweeted or mentioned another user and – most importantly – content that exclusively pushed out quotes from novelisations of the sci-fi series Star Wars.

One quotation read: "Luke's answer was to put on an extra burst of speed. There were only ten meters #separating them now." Later, the researchers used a machine learning tool to locate other accounts with the same properties and stumbled on 356,957 in total.

"They produced more than 150,000 tweets per day," explained Echeverria and Zhou.

"When the creation of new Star Wars bots stopped on 14 July 2013, all the bots suddenly fell silent and remained so ever since," they continued. "This unusual bursty behaviour suggests that the bots were orchestrated and centrally controlled by a botmaster.

"The Star Wars bots have been hidden and inactive for three years [but] the cybersecurity community should not underestimate their potential threats, especially given the size."

The botnet was able to stay hidden for a number of reasons. Firstly, it was designed to "keep a low profile" by tweeting sporadically. Secondly, by tweeting quotes that appeared to mimic a human's language. Also, many accounts had "normal" user profiles, including profile pictures.

One of the tactics to remain elusive proved to be its downfall. When analysed by a human, some of the locations on the tweets were tagged in North America and Europe but – when placed onto a world map – were found to be in "seas, deserts and frozen lands".

The path to the dark side

Even though it is a dormant network, the researchers argue that it remains a potential threat. "The fact that the Star Wars botnet has so many bots makes its potential threats serious, perhaps more serious than we have ever seen before," the paper stated.

It continued: "The Star Wars botnet is perhaps the first evidence that a single botnet can be as large as such. It's shocking that a botmaster was determined to create so many bots, and the botnet has been well hidden for three years.

"It is irresponsible to assume that the botmaster does not have any cynical or malign purpose. In fact, the best we can hope for is that the botnet was created purely for commercial gains. It is known that bots could be sold at a premium on the black market.

"What if the botmaster wants more? What if someone offers a good price for purchasing the control of the whole botnet? The cybersecurity community must appreciate and assess the potential threats of such event, so that proper remedial procedures can be developed."