We've all heard of phishing and spear-phishing. We've even heard of twishing and spear-twishing to a limited extent. After all, Twitter is an excellent target for social engineering due to conditioned users, anonymous connections via pseudonyms, and a lack of content filtering. For example, shortened URLs are typically flagged by detection software in e-mail, but it's almost a necessity in Twitter with the 140 character length restriction. So we have a ripe target base of users clicking on shortened URLs, but let's be honest: developing targeted tweets can be annoying. Plus, to really target users and take advantage of trust relationships, you need to map out who's following who, and that is pretty arduous given existing tools. So, we built Hypertwish, a Twitter visualization and spear-twishing framework that uses small generative grammars and a hyberbolic tree. Yaay math! This tool is also a trial of some of our existing research into computer linguistics and automated content generation, so that when Doomsday arrives, at least Skynet will be able to use social media. You'll never trust people on Twitter again.
---------------------------------- Detailed Outline ----------------------------------
I: Targeting
a) Dynamically mapping twitter accounts with the Hyperbolic Browser (part of JavaScript InfoVis Toolkit)
b) Mapping following-follower paths between Twitter accounts and building a useful target list.
c) Creating bogus accounts for testing
i) Twitter locks account automatically because of certain email domains
ii) Microsoft Live works great though for hotmail accounts
iii) Common mistakes in bogus accounts
II: Generating Content
a) @ vs. #
i) @ for targeting specific accounts, ie. spear-twishing
ii) # for potentially getting users who are searching on popular tags, ie. normal twishing
b) Autobuild content:
i) Tool utilizes a small generative grammar to develop tweet contents using a variety of options:
1) Reference previous post and reply, or generate new
2) Parse out # references from previous tweets
3) Pick from various predefined schemes
c) Sending Tweet
i) Different platforms apparently support different default display/notification options
ii) Tie in twidge for sending via multiple accounts
d) Tracking
i) Public posts instantly get checked by various bots and spiders
ii) Bots don't do a deep dive, we can limit tracking to secondary resources like frame contents
III: Demo: Hypertwish