MikeFarb
Jun 9, 2018, 23 tweets, 9 min read

The Jane Austen Russian Pornbot

I see I got your attention

Time to take down another one.

This one is interesting

Everyone please Retweet and Report

Thanks to @GwendolynIRL for sending us some additional info

A few days ago we noticed an interesting response in the comments on a thread. A tattooed woman tweeted "points of blood and". Points of blood and?
We had a closer look at Tara Charlson. We noticed a few interesting things about this account.
1. Her account description makes about as much sense as her tweets
2. Although the account has been active since 2014, she only has 18 followers.
3. She prefers the "barely there" look when it comes to clothing.
4. Her Twitter handle - @luisman81849303 - ends in eight digits and bears no resemblance to the user name.
5. The link in her description is unusual looking. Twichick[.]info? Never heard of that.
Going back further in her timeline we notice something interesting. In 2014 she was tweeting in Portuguese. Then for over four years there were no tweets, until very recently.
This is a hallmark of a repurposed account - possibly one that has been hacked and sold on the black market. These accounts can look well-established because they apparently joined Twitter years ago.
Since both the account name and the Twitter handle itself can be changed, it can be very difficult to track the origins of these accounts.
Here is a similar account. Compare the user name (Emma Oliver) to the twitter handle (@hongpiao). Note that the account was apparently created in 2012. Then scroll back in the tweets. Hmmmm…
What about the odd tweets? Where do those come from? Let's look at one of the more distinctive tweets. "Devonshire.--Edward turned hastily towards her,"
We did a Google search for that tweet and other similarly distinctive ones. Looks like Tara Charlson is quoting Jane Austen!
Then we did a Twitter search for the same sentence. Apparently Tara Charlson has some sisters with a similar love of English literature. twitter.com/search?f=tweet…
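The account signals listed above and the shared-sentence search can be combined into one triage check. The following is an added example, not code from the thread's author: the record fields, thresholds, tweet dates and the second and third accounts are constructed assumptions; only the first handle, its follower count and the quoted sentence come from the thread.

```python
import re
from collections import defaultdict
from datetime import date

DORMANT_DAYS = 3 * 365   # assumption: silence long enough to suggest repurposing
FEW_FOLLOWERS = 50       # assumption: cutoff for "old account, few followers"

# Constructed sample records; field names are hypothetical, not a Twitter API schema.
ACCOUNTS = [
    {"handle": "luisman81849303", "name": "Tara Charlson", "followers": 18,
     "tweets": [("2014-02-01", "constructed 2014 tweet"),
                ("2018-06-05", "Devonshire.--Edward turned hastily towards her,")]},
    {"handle": "sample_b20184455", "name": "Constructed Sister", "followers": 7,
     "tweets": [("2013-05-10", "another constructed old tweet"),
                ("2018-06-06", "Devonshire.--Edward  turned hastily towards her,")]},
    {"handle": "alexreads", "name": "Alex Reads", "followers": 320,
     "tweets": [("2017-11-02", "library day"), ("2018-06-01", "new book haul")]},
]

def signals(acct, today=date(2018, 6, 9)):
    """Return the indicators from the thread that this account matches."""
    hits = []
    handle, name = acct["handle"].lower(), acct["name"].lower()
    if re.search(r"\d{8}$", handle):
        hits.append("handle_ends_in_8_digits")
    if not any(tok in handle for tok in name.split()):
        hits.append("handle_unrelated_to_name")
    days = sorted(date.fromisoformat(d) for d, _ in acct["tweets"])
    if any((b - a).days >= DORMANT_DAYS for a, b in zip(days, days[1:])):
        hits.append("long_dormancy_then_reactivation")
    # First tweet date stands in for account age (assumption).
    if days and (today - days[0]).days >= DORMANT_DAYS and acct["followers"] < FEW_FOLLOWERS:
        hits.append("old_account_few_followers")
    return hits

def shared_text_clusters(accounts, min_accounts=2):
    """Group handles that posted the same tweet text (case/whitespace normalized)."""
    seen = defaultdict(set)
    for acct in accounts:
        for _, text in acct["tweets"]:
            seen[" ".join(text.lower().split())].add(acct["handle"])
    return {t: sorted(h) for t, h in seen.items() if len(h) >= min_accounts}

if __name__ == "__main__":
    for a in ACCOUNTS:
        print(a["handle"], signals(a))
    print(shared_text_clusters(ACCOUNTS))
```

No single signal is conclusive on its own; the identical-text cluster is what ties otherwise unrelated handles together.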
In just a few minutes we uncovered dozens of related accounts with very similar patterns. Here is a partial list:

What is the purpose of this botnet? Let's have a look at the URLs used in these accounts' profiles. For instance twichick[.]info. As always, it's a bad idea to click on links in iffy Twitter profiles, so we investigated this domain using the online tool VirusTotal.
And what did we find? A Russian server. Looks like it's hosting all the domains of Tara Charlson and her sister pornbots. virustotal.com/#/ip-address/2…
This is why we NEVER click on a link in a suspicious Twitter account. The server is apparently hosting some kind of malware. virustotal.com/#/url/19d3bc8b…
Once again - without too much effort - we have stumbled on a botnet. This time it's a dangerous one. In fact, Twitter is already aware that these domains are malicious. Try tweeting or DMing twichick[.]info without the brackets. Twitter will not allow you to.
What should you do when you spot suspicious activity like this?
First, again, NEVER click on a link in a suspicious account's timeline.
Second, it's always a good idea to double-check your suspicions before reporting an account. One way to do that is by asking a question and seeing if you get a human sounding response.
Once you are sure the account is a bot, Report. You can find the "report" option by going to the user's profile and clicking the three small dots to the right of the page.
Since a bot is an automated account trying to pretend it's a human, the correct selection for reporting is that the account is "pretending to be me or someone else".
Twitter limits the number of URLs posted in a thread. So we are going to upload and update the active bots from this thread on our website. Please visit unhackthevote.com/our-research/t…
These bots are being created as we speak. We will try to stay up to date on our website.
We are no longer recommending Blocking these Bots as Twitter has been negligent and we may need you to report again.

Let's get this one suspended. We have much more to publish.

Thank you for all of your help
