The Barracuda Labs Internet Security Blog

Posted by: Barracuda Labs

As part of an ongoing effort to make the Web a safer place for both business and casual users, Barracuda Labs decided to take a deeper look at one of the Web’s fastest growing social networks, Twitter. We reviewed growth drivers, usage trends and the overall crime rate, analyzing both legitimate and malicious users for 2009. Today, we published our findings as part of our Barracuda Labs Annual Report.  This report revisits an analysis completed by the team in June 2009, following the launch of TweetGrade (www.tweetgrade.com), and coincides with recent accounts of Twitter’s explosive growth – reportedly reaching 50 million tweets per day.

Our analysis is based on nearly 19 million Twitter accounts, in which we analyzed the frequency and content of tweets, user-to-user interactions, and each account’s overall activity level.

The bottom line is this: users are more active on Twitter; more users joined Twitter in 2009 following a massive influx of celebrities to the site; and sure enough, the criminals followed the users in a forceful way causing the overall Twitter Crime Rate to spike.

So let’s dig into the results…

HOW PEOPLE ARE USING TWITTER

Twitter Follower vs. Following Trends – What’s a True Twitter User?

Notably, people are using Twitter more actively. For the purpose of this exercise, we define a True Twitter User as someone who has three main attributes:

1. Has at least (≥) 10 followers
2. Follows at least (≥) 10 people
3. Has tweeted at least (≥) 10 times

Interestingly, our study shows that only 21 percent of Twitter users fall within our definition parameters and are True Twitter Users.

What do we mean by “more active” on Twitter? Essentially, this means that:

• Users are following more user accounts
• Users are being followed back by more user accounts and more often
• Users are tweeting more.

Today, only 17 percent of Twitter users have zero followers, which is a 40 percent increase in the number of users that now have “more” followers (i.e. ≥ 10 followers) when compared to 30 percent in June 2009.

Our analysis also found:

• 26 percent of users now have at least (≥) 10 followers, showing a 30 percent increase since June when only 20 percent of users had at least (≥) 10 followers.
• 40 percent of users are following at least (≥) 10 user accounts, showing an 18 percent increase since June.
• 27 percent of users have tweeted 10 times or more, showing a 29 percent increase since June.

Additionally, today there is a trend toward users actually using Twitter as a two-way communication tool versus as an RSS feed or “information fire hose.”  In fact, 36 percent of Twitter users today have more followers than the accounts they are following, showing an 80 percent increase since June when that number was only 20 percent.

Twitter Users More Active

Not only are people becoming more connected on Twitter, they also are becoming more active:

• 27 percent of users have tweeted at least (≥) 10 times, which is a 29 percent increase since June.
• Moreover, today there are 34 percent of users who have not tweeted since they created an account. While that still seems like a fairly high percentage of inactive accounts, it shows an eight percent decrease (down from 37 percent) since June 2009, demonstrating that people are becoming more active.

What’s even more interesting is that the most active users on Twitter are not the ones with the most followers.

• Users with an average of 1,000 followers actually tweet the most, as compared to those with fewer than 100 followers or more than 100,000 followers.

TWITTER GROWTH & THE TWITTER RED CARPET ERA

Further, some remarkable trends emerge as we review how Twitter’s growth has taken shape. Based on when a member joined Twitter, we plotted a Twitter growth chart. This chart illustrates a very concentrated growth spurt during the early part of 2009 – a time period which we define as the “Twitter Red Carpet Era.”

The Twitter Red Carpet Era falls between November 2008 and April 2009. This is the period of time during which a handful of ‘celebrities’ – including 27 of the top 50 and 48 of the top 100 most followed Twitter users – joined.

• In the beginning of 2008, Twitter was growing approximately 0.31 percent per month. By November 2008, that growth increased to 1.95 percent per month.
• After December 2008, Twitter’s growth exploded from nearly two percent per month, and rising to approximately three-to-four percent per month, before finally peaking at nearly 20 percent per month in April 2009.
• At the end of the “Twitter Red Carpet Era,” growth appears to have normalized, dropping back to 0.34 percent by December 2009.

The following graph illustrates the Twitter Red Carpet Era and the significant impact that these celebrities had on Twitter’s growth as they brought their fan bases with them from the real world to Twitter.

TWITTER CRIME RATE

As millions of users flocked to Twitter during the Twitter Red Carpet Era, so too did the criminals. During this time, numerous accounts were used for malicious purposes such as poisoning trending topic threads with malicious URLs (hidden by the ever popular URL shortening services) aimed at luring Twitter users to sites carrying malware or other malicious content.

The Twitter Crime Rate is defined as the percentage of accounts created per month that are eventually suspended for malicious or suspicious activity, or otherwise misused.

• In 2006, the Twitter Crime Rate was only 1.2 percent.
• By 2007, the Twitter Crime Rate increased slightly to 1.7 percent.
• In 2008, the Twitter Crime Rate averaged around 2.2 percent.

During the Twitter Red Carpet Era, the Twitter Crime Rate increased from 2.02 percent to 3.36 percent, showing a 66 percent increase in the overall Twitter Crime Rate.

As more users joined Twitter in 2009, the Twitter Crime Rate continued to escalate reaching 12 percent     in October 2009. This means that one in eight accounts created was deemed to be malicious, suspicious or otherwise misused and was subsequently suspended – clearly showing that the criminals do, in fact, follow the users online.

Twitter’s proactive response to keep its users’ social networking experience safe is admirable; however, it remains unclear how efficient Twitter is in detecting a malicious account.

Why should you care about how Twitter is used?

At Barracuda Labs, we’re constantly monitoring the Web ecosystem and tracking new trends in malware and other attacks.  Social networking platforms like Twitter and Facebook provide a perfect opportunity for attackers to find their victims, leveraging what users assume to be a “safe” environment. This is evident through the Twitter Crime Rate mentioned above. Attackers employ various techniques to build up their follower list, poison trending topic threads, or initiate other campaigns which can increase the visibility of their tweets, and therefore draw users in to suspicious sites, malicious downloads or other malevolent activity. As social networks continue to gain momentum – and millions of users – there is no doubt that criminals will look to create more sophisticated and serious social engineering attacks against unsuspecting users.

For a deeper dive into these social networking, Web and email attacks, download the Barracuda Labs Annual Report or feel free to drop us a line in the comments section below. We look forward to working with you to solve these problems and make the Web a safer place for corporate and casual users. Meanwhile, be sure to think twice before following someone you don’t know and check out their user profile at TweetGrade.com.