Observing Malaysian Social Media

Evolution of Spammers in Malaysian Politics

During the #Merdeka55 event (which you can read about here and here), we discovered the use of Twitter accounts to repeatedly send the same tweet at the same moment. This practice is known as spamming. You can see this pattern demonstrated in the below screenshot of the Twitter stream during the event – large blocks of identical tweets were being sent at the same moment.


Since that time we have had to continuously improve our spam detection methods to filter out the spammed tweets. Our priority in our reports is to share content that was shared by the most number of people (not users) and genuinely popular.

Content that appears popular due to the usage of automated accounts or people hired to spam the content across multiple accounts need to have their popularity rank adjusted. We do not censor spammed content or ban spammers, but only filter out the individual tweets.

Looking for Spam in Politicians’ Mentions

As our methods improve, we run the detection algorithm across our entire database of tweets collected since April 2010. For mentions of politicians alone, we have collected 930,462 spammed tweets from 7,015 users.

From this total, Barisan Nasional (BN) politicians were mentioned in a total of 879,439 spammed tweets from 6,943 users whereas Pakatan Rakyat (PR) politicians were mentioned in a total of 55,109 spammed tweets from 2,281 users. That is an average of 126 tweets/user for BN, and 24 tweets/user for PR.

The graph below illustrates the number of spammed tweets per month that mention BN and PR politicians:


For BN, the earliest peak was 49,459 tweets in August 2012 (during the #Merdeka55 event). Subsequent peaks were in December 2012 (169,132 tweets) and April 2013 (166,954 tweets, during the 13th General Election).

The scale of the BN graph is so large that to examine PR’s levels we need to separate it, as in the graph below:


The gap between the number of spammers and their tweets is also visible here. For PR, peaks occur in September 2012 (3,654 tweets), January 2013 (5,313 tweets) and April 2013 (9,010 tweets).

The number of Twitter users (spammers) involved is relatively low, as illustrated in the graph below:


The individuals who control these spammers are unknown. Based on the type of content spammed, we find that spammers have a number of goals:

  1. To promote the politician by mentioning his/her username. This has the added effect of flooding the politician’s timeline, making Twitter less usable for the politician.
  2. To promote the politician by retweeting (RT) the politician’s tweet. This inflates the politician’s RT count, which remains unadjusted even after Twitter suspends the spammer.
  3. To attack the politician by repeating negative content.
  4. To spread misinformation

Twitter has their own method of detecting spammers which is quite effective at identifying and suspending users. This makes studying spammers difficult as once suspended we cannot extract more public details about them e.g. who their followers are or what their tweeting history looks like.

How Spammer Strategies Have Evolved

These are the main strategies employed by spammers over time since 2010.  For obvious reasons we do not provide an exhaustive list of strategies that we have identified.

The first strategy took the form of groups of users that sent identical tweets at a fixed time using applications such as Tweetdeck. Because they tweeted at the same moment, they were easy to catch and filter out. This was the type of strategy used during the #Merdeka55 event.

The second strategy employed a two-part plan:

  1. First a Twitter user would tweet the desired content that mentioned the politician’s username, or retweet (RT) the politician’s content.
  2. Subsequently, groups of users (spammers) would retweet that user’s tweet. By retweeting, these spammers would look less suspicious because it is normal on Twitter for popular users to receive a high number of RT’s in a short span of time.

The third strategy built on the previous one:

  1. First a Twitter user would tweet the desired content that mentioned the politician’s username, or retweet (RT) the politician’s content.
  2. Subsequently, groups of users (spammers) would retweet that user’s tweet OR retweet the politician’s content.
  3. Instead of retweeting in groups, these users would retweet one at a time. They either had multiple copies of their application running or they would logout; login with the next account; retweet; logout and repeat the process.

During the second and third strategies, some spammers used account credentials that were also used on a personal basis. This gave the spammer’s timeline the appearance of being a genuine Twitter user, that while true did not prevent them from being suspended.

Statistics on which politicians and political parties experience the most spam will be included as part of a subscriber service we are launching soon.


Date PR Spammers PR Spam Tweets BN Spammers BN Spam Tweets
Apr-10 0 0 0 0
May-10 0 0 0 0
Jun-10 0 0 0 0
Jul-10 0 0 0 0
Aug-10 0 0 0 0
Sep-10 0 0 0 0
Oct-10 0 0 0 0
Nov-10 0 0 0 0
Dec-10 0 0 14 46
Jan-11 0 0 12 66
Feb-11 0 0 0 0
Mar-11 1 1 1 1
Apr-11 10 16 2 2
May-11 12 35 6 7
Jun-11 0 0 0 0
Jul-11 10 58 3 6
Aug-11 6 12 8 17
Sep-11 6 6 25 123
Oct-11 26 73 44 142
Nov-11 27 109 52 247
Dec-11 40 316 68 657
Jan-12 43 524 88 730
Feb-12 43 375 103 840
Mar-12 46 629 196 1589
Apr-12 129 805 362 2359
May-12 166 1175 567 4000
Jun-12 212 1375 538 3693
Jul-12 288 2043 770 7404
Aug-12 466 2004 3640 49459
Sep-12 379 3654 1463 11415
Oct-12 392 3415 951 9904
Nov-12 413 3013 1358 122145
Dec-12 323 1961 1225 169132
Jan-13 539 5313 1363 85648
Feb-13 409 2629 1396 53544
Mar-13 711 5110 2173 81435
Apr-13 805 9010 2836 166954
May-13 1141 5236 2156 49055
Jun-13 394 1496 1063 13383
Jul-13 248 862 1000 7133
Aug-13 241 897 826 7170
Sep-13 297 1423 936 12305
Oct-13 214 1534 1006 18828

Written by politweet

November 28, 2013 at 12:55 pm

%d bloggers like this: