# Meike's experience

For her Bachelor's graduation assignment, Meike Nauta, a Business & IT student, designed a model that can detect hacked Twitter accounts.

The system can figure out whether a tweet has been sent by a hacker or by the actual account owner. The model is part of Meike's bachelor's graduation research. The results were presented at the 13th International Conference on Web Information Systems and Technologies, WEBIST, in Porto, Portugal, between 25 and 27 April, 2017.

When you use Twitter, you come across spam sometimes. Twitter has a lot of measures in place to remove fake accounts used for spam. My literature research showed that 77% of fake accounts are closed by Twitter within a day, and 92% within three days.

However, it is a lot harder to detect spam when it is sent from a hacked account. Twitter accounts are constantly being hacked and it is relatively easy to do. All you have to do is briefly 'borrow' someone’s phone. Or guess their password by trying out the most common ones. A third option is to look for someone’s password after a data leak.

## TWO TYPES OF HACKERS

There are two types of hackers, one of which deliberately hacks a particular account. Someone tweeted: 'I am ugly and stupid'. It turned out an acquaintance had hacked his account to embarrass him. I also know of a case in which a hacked company suffered a decline in its stock value because of strange tweets.

The other kind wants to make money with your account, by using it to send ads or viruses. These hackers, for example, might share tweets with a misleading link that users click on – only to be hacked or to catch a virus themselves. Hackers use this technique to obtain login information that they then sell on the black market. Twitter account login details are actually worth more than credit or debit card details there.

## THE MODEL

My research focussed on Dutch Twitter accounts. I found hacked accounts by looking for tweets with messages such as 'I was hacked, those were not my messages'. Between 2013 and 2016, I found over 18,000 of these tweets. I developed a mathematical algorithm, which assesses seven features: the language the tweet was written in; the time it was sent; the type of device it was sent from (for example, an Android phone, an iPhone or a PC); whether or not there was a link in the tweet; the link's domain; the tweet frequency; and whether or not it was a re-tweet. I compared these characteristics with the situation before the hack. Did the language change? Or where tweets suddenly sent at a completely different time of day? My model assigns a score to each feature and together the scores provide 99% accuracy as to whether an account has been hacked or not.