Russian Twitter bots lay dormant for months before impersonating activists

Not only did Russia's troll farm promote disinformation, a small handful tried making a buck, too.
(Getty images)

Automated Russian Twitter accounts spent months quietly lurking on the social media site before sending an initial message. But, for the propagandists who later dedicated more than a year amplifying divisise political rhetoric, it was all worth the wait.

An analysis published Wednesday by Symantec of 3,836 Twitter accounts and nearly 10 million tweets shows how Russian efforts to amplify propaganda went further than previously reported. A key finding was that the Kremlin’s Internet Research Agency thoughtfully planned its information operations, creating Twitter accounts an average of 177 days before sending the first tweet. The new research is the latest to demonstrate how Russia’s so-called troll factory patiently and methodically spread disinformation before the U.S. presidential election.

Many accounts also posed as news operations or spread content meant to antagonize U.S. citizens across the political spectrum by impersonating users affiliated with pro-Trump and Black Lives Matter movements. Accounts typically remained active for 429 days, mostly from the beginning of 2015 through August 2016, when many suddenly went quiet.

“Most accounts were primarily automated, but they would frequently show signs of manual intervention, such as posting original content or slightly changing the wording of reposted [content], presumably in an attempt to make them appear more authentic and reduce the risk of their deletion,” Symantec engineer Gillian Cleary wrote in a blog post. “Fake news accounts were set up to monitor blog activity and automatically push new blog posts to Twitter. Auxiliary accounts were configured to retweet content pushed out by the main accounts.”


The most influential account, @TEN_GOP, described itself in its biography as the “Unofficial Twitter of Tennessee Republicans. Covering breaking news, national politics, foreign policy and more. #MAGA #2A.” The account was retweeted more than 6 million times, Symantec found. The user @Crystal1Johhnson, which had 3.7 million retweets, appeared more innocuous with the description, “It is our responsibility to promote the positive things that happen in our communities.”

Symantec’s research comes amid a steady drumbeat of reports that offer more details at the ways Russian bots littered social media ahead of the election that propelled Donald Trump into the Oval Office. Research unveiled in December by Graphika and the University of Oxford revealed how many accounts sought to deter African-Americns from voting.

The U.S. sought to deter similar activity in the 2018 midterm elections by interrupting the internet access of the Kremlin-backed Internet Research Agency. Meanwhile, the National Security Agency and Cyber Command have made permanent their “Russia Small Group,” an intelligence team meant to disrupt digital threats from Moscow.

Update, June 5th: In their original report, Symantec researchers suggested that one Russian Twitter account could have earned up to $1 million by using a link shortening service that directed advertisements to users who clicked on its tweets. Symantec removed that finding from its research after BuzzFeed social media editor Craig Silverman said in a tweet that the number was inflated, and based on a flawed methodology. A Symantec spokeswoman told CyberScoop the company is investigating “some additional data,” and the other findings are not affected by this change. CyberScoop has deleted a description of those findings  from this story.

Jeff Stone

Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.

Latest Podcasts