A young Moscovite steps out of the frigid Russian winter and sits down at his computer. Logging on to Twitter, he searches the online communication tool for the latest news about the public demonstrations forming in his city.
Like demonstrators in Iran, throughout the Arab Spring and even Occupy Wall Street before him, the young man searches with a certain keyword called a hashtag, in this case #Triumfalnaya for Moscow's Triumphal Square, to find out when and where his comrades are gathering to make their voices heard and what the police presence is like there.
But instead of reading the words of fellow protesters, the young man is inundated with hundreds of unrelated or sometimes angry, pro-government messages -- one calling an opposition leader a "headless freak" -- from unknown users inexplicably using the same hashtag. In the deluge, he can't find the information he needs.
That's a scenario that could be playing out today thanks to a simple but potentially devastating repressive Twitter tactic employed by pro-government forces in Russia and around the world meant to turn Twitter, an indispensible tool to would-be revolutionaries, against its own users, according to cyber security experts.
In the most recent case, senior threat researcher Maxim Goncharov of Trend Micro, said this week he discovered a massive Twitter spam campaign allegedly carried out by pro-Kremlin activists in Russia. At the height of the attack, Goncharov said anti-protester messages using the popular opposition hashtag #Triumfalnaya flew in at a blazing 10 messages per second, essentially burying tweets from actual protest organizers.
"People are doing this for the Kremlin. [They're] trying to bring down Twitter for a channel for communication," Goncharov told ABC News.
By flooding Twitter with a certain hashtag used by protesters, the tweets "pollute the stream" of useful information until very quickly, all relevant hashtags become "totally useless," Ethan Zuckerman, director for the MIT Center for Civic Media, told ABC News. Of course, opposition activists can simply switch to another hashtag, but with their original organizing hashtag already compromised, getting the word out about the new one would be practically impossible -- potentially dealing a strong blow to protesters trying to rally together at a certain place or time.
Goncharov said that in Russia's case, the sheer speed and quantity of the messages in Russia, along with a common limited vocabulary and irregular activity from many of the Twitter users, led him to believe many of the tweets did not come from humans, but from computers that had been taken over by an automatic bot network -- a series of computers infected with a virus, which essentially turns them into zombies at the mercy of hackers. Other experts said that perhaps most tellingly, many of the users were "eggs." (In Twitter-speak, "eggs" refer to users who have not bothered to change the profile picture, by default an egg, meaning the accounts could have been quickly created and then forgotten about until they're needed.)
Brian Krebs, a former Washington Post reporter and cyber security blogger, reported Thursday that after Goncharov posted his findings at the Trend Micro website, several internet security experts in Russia identified "thousands" of accounts rapidly posting "anti-protester or pro-Kremlin sentiments to more than a dozen hashtags and keywords that protesters are using to share news..."
"If there's real signal coming out from political dissidents in a channel I can't shut down, my goal is to make signal to noise of that channel so low that no one can bare to follow it anymore," Clay Shirky, arts professor at New York University's Interactive Telecommunications Program, told ABC News.
Twitter Attacks, Not Started in Russia: Experts
Russia is hardly the first country to see such a tactic, according to online communications experts.
Shirky said that the Iranian regime was suspected of pioneering anti-protester strategies on Twitter during the so-called "Green Revolution" in 2009. While the true worth of social media during that landmark movement has been hotly debated in the years since, it saw the emergence of the mysterious "Iranian cyber army" whose priority it was to attack opposition figures wherever they existed online, including taking them head-on on Twitter and, failing that, by reportedly temporarily taking down the whole system in December 2009.
But Zuckerman said it was government supporters in Bahrain and Syria that first truly used spamming, or trolling, to dilute protesters' message. In one particularly notorious case in Syria, an alleged bot network spammed the hashtag #Syria with anything from pro-government messages to one apparently still-active Twitter feed that simply recounts every score of every game played by the Syrian national soccer team. In October this year, a conference of Arab bloggers in Tunisia told Twitter followers to flat out not use the hashtag #Bahrain as it would result in "the nastiest trolling," according to a report by The New York Times.
"Cyberspace has emerged as a leading sphere of contestation between largely democratic forces seeking to use the Internet and related 'liberation technologies' to expand and enhance freedom, knowledge, and connectivity and autocratic states eager to stifle that potential," according to "Access Contested," an academic study of cyber freedom published by MIT Press in November.
To Zuckerman, it's a battle that won't end anytime soon.
"I would see the hijacking of a [hashtag] as just a symptom of a much larger situation and it looks pretty large indeed," Zuckerman said. "Governments… are figuring out how to fight back."
Representatives for Twitter did not return requests for comment on this report, but Zuckerman said that in the past, Twitter has taken steps to combat spamming by shutting down accounts that appear to be part of a bot network and blocking certain suspect tweets from showing up on the public feed. A representative for the Russian government in the U.S. did not immediately respond to requests for comment for this report.