Spooked by the scale of activity on the Chinese sites, and the potential for them to be used to compromise U.S. sites, the UCSB team examined U.S.-based crowdsourcing sites. Amazon’s Mechanical Turk may be the best known, but others have also sprung up.
“Most of those other sites have a lot of crowdturfing,” says Zhao, and the sites don’t actively shut down such tasks, as Amazon tries to do. ShortTask, the second-largest U.S. crowdsourcing site studied, was found to be 95 percent crowdturfing tasks, and helped workers get paid for over half a million astroturfing tasks in the last year. Despite Amazon’s efforts, Mechanical Turk was found to be 12 percent crowdturfing, a lower estimate than the 40 percent alleged by a study from New York University late last year.
Zhao says these sites will likely become the source of significant trouble for social networks like Twitter and Facebook, just as it has become for their Chinese equivalents.
“People are willing to do this for such small amounts, and we have seen that the results are very good,” he says. Zhao thinks that favorable economics will lead to crowdsourcing sites in China and other developing countries troubling U.S. services. ShortTask and other U.S. crowdsourcing sites with a high proportion of crowdturfing have many workers from developing countries.
“The worst thing is that this is so difficult to detect,” says Zhao. “All our security methods assume that there is a program at play, and that imposes constraints that you can detect.” Zhao’s group has previously worked to uncover spam inside Facebook, mostly a result of software bots gaining control of genuine user accounts. Facebook and other Web companies today rely on tools like Captchas or relatively simple rules able to easily spot automated accounts. “If you have a real human involved who is determined, then what you can do is really only limited by the price they are paid,” says Zhao.
Filippo Menczer, director of the Center for Complex Networks and Systems Research at the University of Indiana, is working to develop systems to detect political astroturfing on Twitter. “It’s already a hard thing to do, and probably it will get more difficult,” he says, especially as crowdsourcing services become easier to use.
Menczer’s group first built a system to detect political astroturfing in the run-up to the most recent midterm elections. It first identifies threads of political discussion circulating on Twitter, using hashtags, links, names, and sentences. Software trained to recognize both legitimate and astroturfing tweets then sifts fraudulent messages from that soup of political discussion, and even tracks their success in influencing real users.
That system was able to find automated accounts by sending carefully varying messages promoting certain political sites. But Menczer has always suspected they were missing an unknown amount of more subtle astroturfing campaigns. Looking at the origin of crowdsourced astroturfing provides another perspective, he says.
“The fact that there are websites almost dedicated to making it easy to hire people to do this is further evidence that this is happening,” says Menczer, who is working to upgrade his astroturfing detection system to analyze discussion around next year’s presidential elections.
One possible way to tackle such networks would be to follow the money, says Zhao. That would likely uncover a less distributed target. A study earlier this year found that 95 percent of the income from spam e-mail passes through just three banks, a much easier target than the millions of compromised computers sending out the unsolicited messages or the shadowy criminals coordinating them.