A new study has discovered a vulnerability in Twitter's trending algorithm that makes the platform susceptible to astroturfing attacks.
Astroturfing attacks are when undisclosed paid employees of corporations and government organizations attempt to get their message and their views out to the public by using social media networks. To give a false appearance of natural public support to whatever the organization or party in question is trying to promote.
The researchers at the Swiss Federal Institute of Technology in Lausanne (EPFL) found that the social network does not consider whether a tweet has already been deleted when determining which keywords should be trending.
Therefore, attackers can artificially push topics up the Twitter trending list and then remove evidence of manipulation. In this attack, a selected keyword or topic is artificially promoted through a coordinated campaign to make it appear popular.
It's called “Ephemeral astroturfing,” which allows them to boost their messages by manipulating Twitter's trending algorithm.
The trending list updates every five minutes, and tweets are input into the list in time intervals. However, the algorithm does not check the list's integrity, so it does not matter whether the tweets are currently available or have been deleted.
Attackers used both bots and compromised accounts to create fake trends, including phishing apps, disinformation campaigns, and hate speech.
Twitter has acknowledged that the attacks exist, but researchers say the problem has still not been fixed.