Serf and Turf: Crowdturfing for Fun and Profit
Gang Wang
Christo Wilson
Xiaohan Zhao
Yibo Zhu
Manish Mohanlal
Haitao Zheng
Ben Y. Zhao
The 20th International World Wide Web Conference (WWW 2012)
[Full Text in GZIP PS
Format, 1.03MB]
[Full Text in PDF Format,
504KB]
Paper Abstract
Popular Internet services in recent years have shown that remarkable things
can be achieved by harnessing the power of the masses using crowd-sourcing
systems. However, crowd-sourcing systems can also pose a real challenge to
existing security mechanisms deployed to protect Internet services. Many
of these security techniques rely on the assumption that malicious activity is
generated automatically by automated programs. Thus they would perform
poorly or be easily bypassed when attacks are generated by real users
working in a crowd-sourcing system.
Through measurements, we have found surprising evidence showing that not
only do malicious crowd-sourcing systems exist, but they are rapidly
growing in both user base and total revenue. We describe in this paper a
significant effort to study and understand these crowdturfing systems
in today's Internet. We use detailed crawls to extract data about the size
and operational structure of these crowdturfing systems. We analyze
details of campaigns offered and performed in these sites, and evaluate
their end-to-end effectiveness by running active, benign campaigns
of our own. Finally, we study and compare the source of workers on
crowdturfing sites in different countries. Our results suggest that
campaigns on these systems are highly effective at reaching users, and
their continuing growth poses a concrete threat to online communities
both in the US and elsewhere.