Part Four – The Timeline
It has been a couple of months since Steven Lundgren was looking at his Twitter “followed by” list and discovered the group of bots. The accounts were more than just followers; they were filled with messages promoting a variety of content. When Steven sifted through his odd new followers and became aware of the content, he found listings on a variety of subversive topics and methods: inciting racism, how to make explosives, “illegal” links to fake suppliers of explosive materials, weapons, guns and knives, how to make and use poisons, and attacks on infrastructure including dams, the electrical grid and water treatment plants.
Needless to say, Steve was shocked by the subject matter and alerted Twitter, the FBI, DHS, and other law enforcement officials.
After a few more days of monitoring, Steven knew something wasn’t right and began to reach out to the communities of different social media platforms. After collecting more data from the followers, Steven decided to reach out to the Patriots’ Soapbox community on YouTube.
The timing couldn’t have been better. He came into the Patriots’ Soapbox YouTube channel during “Freedom Rings”, a call-in show hosted by Pamphlet Anon, the channel owner. Patriots using Discord can connect and discuss topics on air with hosts.
Steven thought this to be a great time and place to share what he had found with a large audience of Patriots. He logged into his Discord account and called in to tell what he had found. Steven was relating his experience when Pamphlet abruptly interrupted him, saying, “Wait, what?”
I was part of the audience during this interview, and when Pamphlet uttered those words I started paying closer attention, as did the many others watching the engagement. This might be something to pay attention to, I thought. Little did I know what would come next.
Steven’s call was a shocker to Pamphlet, and as they continued the conversation, Steven went on to describe what he had found and asked the audience to check their Twitter accounts for the type of followers he had found. He asked the audience to contact him and tweet them to his Twitter account if they found similar material.
As Pamphlet and Steve discussed this, the audience began checking their own accounts and found exactly what Steven had described. Within that program, several reported seeing similar followers and forwarded them to Steven.
Pamphlet realized this was an issue that needed to be followed and asked Steven if he would like to have some help from the PSB (Patriots’ Soapbox) researchers to see what these followers were. Steven eagerly accepted the offer.
Pamphlet put out a call to action and contacted a few researchers to help investigate the unethical actions and documents.
A team was created consisting of Pamphlet, Steven Lundgren (data collector and researcher), Trip Elix (data analysis and researcher), other researchers (experts in deep digging of information) and me (reporting and documenting the findings). With the team created, they were ready to start the investigation.
Steven established the starting point of the research by documenting other followers sent to him and adding them to his existing list. The number of accounts continued to increase hour by hour. The consensus was that these followers were indeed bot accounts.
While Steven continued to collect the bot information, Trip started his part of the investigation by getting the links included in the content of the bots in question.
With the list created by Steven, Trip was able to run a “Whois” query on the links he had gotten, which revealed the domain name and the name of the individual or company that registered the domain.
As more bots were identified there was a marked increase in the number of occurrences of bot activity. Trip and Steven created a scraper that automated the collection of new bots as they were dispatched to various Twitter user accounts.
After intercepting thousands of new bot accounts, Steven and Trip were simultaneously blocked from accessing the newly created bots. This tipoff was a mistake on the part of the controller of the bots. Though blocking them from accessing the activity of the bots was a temporary roadblock, it also confirmed that there was deliberate control of the bots.
The pattern of the attack bots poses another question. Why do the bots select certain accounts to infiltrate?
To answer that question we need to understand the level of technology reached this past decade. Much of the technology used is Artificial Intelligence (AI).
AI, in reality, is nothing more than learning by input started by a human. One might say, their first mistake. After the initial human input or instructions, AI can analyze input which in turn assists the creation of an algorithm.
Algorithms are nothing new. They have been in existence for a long time. They help to simplify complex mathematics to achieve a solution. They also use mathematical constants and variables that are needed to solve the problem or task.
The bots experienced during this investigation are employed to send a message or messages by following Twitter users. After the bot has gotten onto the user’s “followed by” list, the bot collects user data and studies the user’s online behavior. While the data is collected, the bot in turn sends the information back to its controller. The initial parameters of the data to be contained in the algorithm, which the controller now creates, are then compiled. The AI examines and then creates it from a variable, which in turn assists in the control of the bots by searching for other accounts in which to embed itself after being programmed.
The majority of the links contained in the bots’ tweets resided on domains registered to Peter Orum, a person with experience in both internet technology and AI.
An example of Trip Elix’s research to identify the domain of a web link turns up the following:
Registrar WHOIS Server: www.launchpad.com
Registrar URL: www.launchpad.com
Registrar: Launchpad.com Inc.
Registrar IANA ID: 955
Registrar Abuse Contact Email: firstname.lastname@example.org
Registrar Abuse Contact Phone: +1.8669642867
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: C33D29BE2DA294F3795F99E752C54F0D0-NSR
Registrant Name: Peter Orum
Registrant Organization: None
Registrant Street: 223 N Guadalupe St
Registrant City: Santa Fe
Registrant State/Province: NM
Registrant Postal Code: 87501
Registrant Country: US
Registrant Phone: +1.5052166033
Registrant Phone Ext:
Registrant Fax Ext:
Registrant Email: email@example.com
Why would Peter Orum list a UPS store as the Registrant’s address? Interesting, to say the least. Sure, many companies use a Post Box as the business address for a small, sometimes unethical or illegal, business.
In light of what the PSB research team has been investigating, it would seem unlikely that Peter Orum, with his experience, would run a legitimate business from a Post Office Box, unless it is a shell company. It does match a pattern in which the true intent of a person may be hidden while he is employed by another company.
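The lookup-and-group step described above (take the domain of each collected link, read its Whois record, and see which domains share a registrant) can be sketched as follows. This is an added example, not the team's scraper or tooling; the domains, registrant values and function names are constructed placeholders, and it assumes each link's hostname is itself the registered domain.

```python
from collections import defaultdict
from urllib.parse import urlsplit

def parse_whois(text):
    """Parse 'Key: value' lines; keys may repeat and values may be empty."""
    record = defaultdict(list)
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first colon only, so URLs in values survive
        if sep and key.strip():
            record[key.strip()].append(value.strip())
    return dict(record)

def registrant_key(record):
    """Normalised (name, street), or None when a field is empty or redacted."""
    parts = []
    for field in ("Registrant Name", "Registrant Street"):
        value = " ".join(record.get(field, [""])[0].lower().split())
        if not value or "redacted" in value or "privacy" in value:
            return None  # privacy-proxy records must not be merged into one "registrant"
        parts.append(value)
    return tuple(parts)

def cluster_links(links, whois_by_domain):
    """Group link hostnames by registrant; unattributable hosts go under None."""
    clusters = defaultdict(set)
    for link in links:
        host = urlsplit(link).hostname or ""
        host = host[4:] if host.startswith("www.") else host
        text = whois_by_domain.get(host)  # assumption: hostname is the registered domain
        clusters[registrant_key(parse_whois(text)) if text else None].add(host)
    return dict(clusters)

# Constructed sample data: placeholder domains and registrants, not from the investigation.
WHOIS = {
    "shop-a.example": """Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Name: Jane Placeholder
Registrant Street: 1 Example St
Registrant Phone Ext:""",
    "shop-b.example": """Registrant Name: JANE PLACEHOLDER
Registrant Street: 1  Example St""",
    "hidden.example": """Registrant Name: REDACTED FOR PRIVACY
Registrant Street: REDACTED FOR PRIVACY""",
}
LINKS = ["https://www.shop-a.example/item?id=1", "http://shop-b.example/x",
         "https://hidden.example/", "https://unknown.example/p"]

if __name__ == "__main__":
    for key, hosts in cluster_links(LINKS, WHOIS).items():
        print(key, sorted(hosts))
```

Matching registrant fields are only as reliable as the registration data itself, which is supplied by whoever registers the domain.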
The research team has zeroed in on the entity that has been illegally collecting data from unsuspecting individuals, creating profiles of all, perhaps even creating a social score.
Exposure of the companies or entities is still being investigated by both the PSB research team and law enforcement agencies.
During the writing, I have developed two practices that I would like to share with you: head on a swivel, discernment, and reconciliation. Steven had his head on a swivel when he checked his “followed by” list on Twitter. He was aware of what should be there, yet he discovered something needing further investigation.
Trip and Steven deciphered that his followers showed signs of being bots, and not just bots but of an unethical sort, at best. However, they had come to the opinion that these robots had to be controlled, likely by a human to start the seeding to find targets with the desired profile needed for the collection and separation of individuals into sub-groups.
After several discussions, the team assessed the evidence found so far, and it appears this bot attack was indeed targeted. The messages within the body of the bots’ tweets gravitated to many users that will follow back or retweet the message. Another classification of the targeted is even more nefarious: placing messages before users who may or will be triggered into an act defined in the tweet. In effect, they can ultimately gain control of part of your everyday life.
~ Updates are upcoming and will be reported as they develop.