CTIT University of Twente
Research Business & Innovation About CTIT Research Calls Looking for a job? Intranet
1 May 2017

University of Twente student designs model to detect hacked Twitter accounts

Meike Nauta, a Business & IT student at the University of Twente, has designed a model to detect hacked Twitter accounts.

The system determines whether a tweet was sent by a hacker or by the actual owner of an account. The model is part of Ms Nauta's Bachelor’s graduation research project. The results will be published at the WEBIST conference in Porto, Portugal, which will take place from 25-27 April.

Meike Nauta explains that “When using Twitter, you’ll occasionally encounter spam.” Twitter employs a wide range of measures to remove fake accounts used for spam. According to the literature, Twitter deletes 77% of fake Twitter accounts within a day, and 92% within three days.

However, spam sent from hacked accounts is much more difficult to detect. Ms Nauta points out that “Twitter accounts are constantly being hacked. It is a fairly simple matter to hack a Twitter account. Just briefly ‘borrowing’ someone’s phone is all it takes. Or attempting to guess the password by trying all of the most commonly used passwords. A third option is to search for that person’s password, following a data breach.”

Two types of hackers

There are two types of hacker. The first one deliberately sets out to hack a specific account. Meike Nauta says “Someone tweeted the phrase ‘I’m ugly and stupid’. An acquaintance had hacked his account to make him look stupid. I also know of one case in which, after a company had been hacked, a series of strange tweets were posted from its account, leading to a fall in its share price.”

“The other type of hacker wants to make money from your account, by using it as a vehicle for advertisements or viruses. For instance, these hackers will send tweets that contain a malicious link. Any users who click it are hacked, in turn, or are infected with a virus. This enables the hackers to capture the users’ login credentials, which they then resell on the black market. These days, a Twitter account’s login credentials are worth more on the black market than a credit card or debit card.”

The model

Ms Nauta’s research focused on Dutch Twitter accounts. She was able to locate hacked accounts by searching for tweets containing messages (in Dutch) such as “I’ve been hacked, I did not post those messages.” In the period from 2013 to 2016, she discovered more than 18,000 tweets like this. Using a mathematical algorithm of her own design, Meike Nauta investigated the following characteristics. The language of the tweet, the time at which the tweet was sent, the type of device used to send the message (an Android phone, an iPhone or a PC, for example), whether the tweet contained a link (plus details of the domain of the link), the frequency of the tweets, and whether or not the tweet in question was actually a retweet. She compares these characteristics with the situation prior to the hack. Has the language changed? Or are tweets suddenly being sent at a totally different time? Based on this approach, each characteristic is allotted a score. The total value of these scores indicates – with an accuracy of 99% – whether or not an account has been hacked.


Ms Nauta says that “Following the publication of this research, I plan to show my model to Twitter, and I hope they will put it to good use. If Twitter runs this model on its servers, every time someone tweets something it will be able to check whether that tweet matches the user’s normal behavioural profile. If not, then the tweet was most likely sent by a hacker, and Twitter can respond by issuing alerts and taking further action.”

Damage prevention

Meike Nauta explains that “My system is based on detecting striking behavioural changes, something that could also be applied to other social media, such as Facebook. The model is mainly intended to help prevent a lot of damage to Tweeters. According to the literature, if a hacked account is discovered within 24 hours then the number of victims involved can be reduced by 70%. This is because tweets that contain malicious links are quickly removed, which limits the number of people impacted.”

International publication

Her supervisor, Dr Maurice van Keulen, notes that “Meike is an undergraduate who, while still studying for a degree, has written an article that has been published at international level. We actively encourage students to submit papers to international research forums. In such cases, the University of Twente covers the cost of the airfare and hotel room. On average, about two papers per year are published by students of our Bachelor's programmes. The corresponding figure for our Master's programmes is about 20 papers per year. That certainly gives a good indication of the level of our students.” Ms Nauta is currently taking a Master's programme in Computer Science.

Business & IT at the University of Twente

The English-language Bachelor's programme in Business & IT at the University of Twente offers a mix of information technology and business administration. Information technology is vital for any business. However, there is more to information technology than simply installing a computer and some software. The staff must actually be able to work with these tools. At Business & IT, you learn how to develop advanced IT systems, and how to implement them in a company environment. When developing systems, you consider those options that will benefit each and every user. The work always involves a two-pronged approach, focusing both on technology and on people.