Category: Analytical Tradecraft

NPC Bot Wave

Earlier today Josh Russell published a list of “NPC” accounts on Twitter. Nominally this seems to be tied to a “New Progressive Coalition”, but there are several humorous takes on the meaning of the acronym.

NPC Bots
NPC Bots

While a deadly accurate send up of Progressive sensibilities this election cycle, there were 450+ very similar accounts on the list when we started the profiling process, so it might have begun as a human wave of image board kids, but there is some sort automation at work here, which makes it interesting.

One of the strengths of our system is the ability to rapidly snapshot a group like this. We quickly collected 425 of them before they began to rename or self-suspend. We collect up to 3,200 tweets, up to 5,000 of those they follow as well as accounts following them, and we extract all mentions. Making a mention map with Gephi is typically our first step; social networks can be voluminous, while mentions are both bounded by the maximum tweet count as well as time stamped. This lets us see what activity the accounts are involved in, as well as slicing by time when appropriate.

425 NPC Bot Mentions
425 NPC Bot Mentions

These 425 sources mentioned 7,687 other accounts – a network motif we refer to as a “monkey pile”. Filtering out individual mentions left 2,333 other accounts, a 66% reduction in complexity. Sizing names by Eigenvector centrality permits us to see who they are messaging.

NPC Bot Targets
NPC Bot Targets

The @NPC691 account is key in this network and examining its timeline we see they are an early adopter of this particular meme – 72 hours before it became this general outburst.

@NPC691's First Tweet
@NPC691’s First Tweet

Collection on this took less than half an hour. If this were anything other than a harmless bit of fun, the 9,230 unique followers of these accounts are preserved, as are the 12,008 accounts they follow. We can see there are 4,793 accounts that are mutually following, so our 425 account sample may only be 10% of this total network.

Trying to do this by eye would be an impossible task. The ability to collect large amounts of information quickly and then rapidly analyze the take is key in an age of cyborgs and botnets mixing with a human operated account population.

Puzzling Over Boundaries

Much like the breakdown of Westphalian Sovereignty in the face of a well connected, easily traversed world, we are pondering just where the boundaries are on what we publish.

Best practices advice regarding Adversary Resistant Computing and Networking is broadly available, but highly variable in quality, and often not conditioned by real world experience. Communications Security advice is even more uneven. We might be educating bad actors by openly publishing, but the good guys are under the gun, and no white hat from inception thinks the way those of us who wear faded gray do. We’re going to put this content out there and count on the nonstop situational awareness required to truly excel keeping a lid on proliferation.

We publish studies on various groups, which can educate them in their failings, if they take the time to read. This is also conditioned on situational awareness and with information operations in particular, characterization is sterilizing sunlight. We use OSINT methods and release collected data in a form that facilitates others using it, but at this time the collection methods and software we use are not freely available.

Analytical Tradecraft is a matter of good systems and the right mindset to get teams using it effectively. There are guides out there, the CIA’s Psychology of Intelligence Analysis  being a well known example. There is no substitute for real world experience when it comes to Sanctioned Irregulars, and that is where we are strongest.

And Field Operations Tradecraft seems to be a bridge too far – we’re not in the business of teaching bad actors how to caper.

The you have it. @NetwarSystem provides a feed of posts here, from LinkedIn, and selected content from other sources. The contact page has advice on who is qualified as a customer and how to reach us. We look forward to hearing from those of you who truly need what we do.