Very old low post count accounts suddenly becoming very active: Security issue?

[xcmt]

I had noticed a weird uptick this election in older accounts that were new to Soap Box activity. That's not alarming or even abnormal given the stakes of the past election. I'm not equipped with examples months after the fact, but there were definitely times where a 9+ year old account that had been active only in like The Battlefront or something five years ago and had lain dormant since was suddenly posting every 15 minutes in the Soap Box, which is normally a fairly closed and stable community that doesn't see much influx of visitors, nevermind thread-spamming ones. And these accounts were always pushing right-wing talking points, consistently enough to make me take notice. Or perhaps it was simply my bias in only registering my visceral reaction to that kind of nonsense, but not the left-leaning ones.

Actually I lied, I do have an example: Fury13 is a 25 year old account that stuck to the technical forums, took a long vacation, farmed some engagement in the front pages, took another vacation, and then showed up years later to post 42 times in two calendar days in late October to talk at great length in the Box (for the first time) vociferously criticizing women (their clothing, their responsibility in being victims, etc) and then disappeared off the map after catching too much heat. Maybe he just felt emboldened by this particular Trump campaign (but not the previous ones?) or this particular crescendo in the global authoritarian surge but the pattern is odd, and this surely isn't the only one.

This is a useless anecdote, true, but as someone who gets his jollies rousing from hibernation to poke at these frauds I've been on a slightly higher alert lately. Like when I ran across this winner, a 21 year old total lurk account with no posting history whatsoever that only just now decided to activate like the Winter Soldier and become extremely vocal and celebratory about the death of DEI. I guess it's possible that there's an oldblood techie, a true CPU architecture aficionado, rich and fat in his middle age, who just really hates minorities and finally found his moment to speak after two decades. It seems far more likely that whatever entity is responsible for astroturfing random forums pulled this particular compromised password out of the bucket of accounts to start needling libs about racial angst.

I don't think I have a comprehensive point here other than to vaguely support OP's suspicions in limited cases. I don't think it's a super widespread issue, not enough to suggest a systematic security problem.

 

[Tofystedeth]

I had noticed a weird uptick this election in older accounts that were new to Soap Box activity. That's not alarming or even abnormal given the stakes of the past election. I'm not equipped with examples months after the fact, but there were definitely times where a 9+ year old account that had been active only in like The Battlefront or something five years ago and had lain dormant since was suddenly posting every 15 minutes in the Soap Box, which is normally a fairly closed and stable community that doesn't see much influx of visitors, nevermind thread-spamming ones. And these accounts were always pushing right-wing talking points, consistently enough to make me take notice. Or perhaps it was simply my bias in only registering my visceral reaction to that kind of nonsense, but not the left-leaning ones.

Actually I lied, I do have an example: Fury13 is a 25 year old account that stuck to the technical forums, took a long vacation, farmed some engagement in the front pages, took another vacation, and then showed up years later to post 42 times in two calendar days in late October to talk at great length in the Box (for the first time) vociferously criticizing women (their clothing, their responsibility in being victims, etc) and then disappeared off the map after catching too much heat. Maybe he just felt emboldened by this particular Trump campaign (but not the previous ones?) or this particular crescendo in the global authoritarian surge but the pattern is odd, and this surely isn't the only one.

This is a useless anecdote, true, but as someone who gets his jollies rousing from hibernation to poke at these frauds I've been on a slightly higher alert lately. Like when I ran across this winner, a 21 year old total lurk account with no posting history whatsoever that only just now decided to activate like the Winter Soldier and become extremely vocal and celebratory about the death of DEI. I guess it's possible that there's an oldblood techie, a true CPU architecture aficionado, rich and fat in his middle age, who just really hates minorities and finally found his moment to speak after two decades. It seems far more likely that whatever entity is responsible for astroturfing random forums pulled this particular compromised password out of the bucket of accounts to start needling libs about racial angst.

I don't think I have a comprehensive point here other than to vaguely support OP's suspicions in limited cases. I don't think it's a super widespread issue, not enough to suggest a systematic security problem.

I guess it's possible that there's an oldblood techie, a true CPU architecture aficionado, rich and fat in his middle age, who just really hates minorities and finally found his moment to speak after two decades.

I mean, this is sadly, highly likely. I don't know why you would think it wouldn't be the case. Old blood techies aren't immune to prejudice and being jerks just because they cut their teeth writing machine code in the 80s or whatever. We've seen plenty of cases of them doing it in places that aren't pseudonymous. Why couldn't it happen here?

 

[xcmt]

I don't know why you would think it wouldn't be the case.

Because it's absurd? That someone is so thoroughly racist that it would compel him to do something he hasn't done in 21 years, create a post on this specific forum? And not ever before, on any number of subjects including news and matters concerning DEI or minorities or discriminatory practices? I'm not saying that old nerds can't be racists, but what I am saying is that I don't find it particularly believable (versus the proposed alternative, anyway) for any individual to change up that thoroughly established pattern of non-participation just for a quick shitpost.

Maybe if he had a few dozen posts over the years, something to demonstrate that he's willing to talk to strangers on the internet. But zero posts? Two decades? Get real.

 

[Aurich]

Again, it happens all the time, it's just that none of you pay attention because the innocent posts don't make you go oh weird, what's up with that.

What isn't normal is making thousands of posts on in a forum. We're the weirdos.

 

[ImpossiblyStupid]

This is not really an indication of anything, especially when you are talking about gaps in time. People relocate or travel.

Sure. My point, though, is that it would be evidence of a change, not this idle speculation people are posting about hacks just because someone crawls out of the woodwork and starts pushing people's buttons.

Because it's absurd?

Sigh. It's only absurd based on a slew of assumptions. As I said, it would be just as reasonable (if not more so) to hypothesize that some nation state is continually creating bogus accounts and seeding them with "good" content, and them putting them into service (yes, perhaps even decades later) to post "bad" content.

The account age just doesn't matter. They're all just some random online stranger (and possibly a bot at that!) who is get more than the 0.5s of attention they deserve. Ignore, or report if they're doing something really objectively wrong. I still don't understand why so many adults these days are caught up in this nonsense.

 

[Skoop]

Sleeper accounts.

Who knew?

 

[The Aloof Alot]

Could also just be that people reused passwords across sites and one of their other accounts using the same credentials got leaked.

Maybe some of that could be blocked by requiring a password reset if an account becomes active again after more than a set period of time.

 

[nimro]

Ignore, or report if they're doing something really objectively wrong. I still don't understand why so many adults these days are caught up in this nonsense.

This subforum contains decades of evidence that many people are quite literally unable to just scroll past things they don't like, don't agree with, or aren't interested in. It would make an interesting human behaviour study

 

[Aurich]

People just ... don't post. It's not that weird. And then one day, 5 years after their first post, they decide to.

It happens, and it's not something we're concerned about.

 

[Galvanic]

There's literally a title for people who don't post that often (Seniorus Lurkus [sp?]) and I bet a lot of them have big gaps between their 11 posts over 18 years.

 

[SarahSparkles]

A few years ago, one of my comments was accused of being a hi-jacked account. I was 17 years in with 100+ comments, only a handful of which had been had been posted in recent years. My comment did not toe-the-line quite enough with the hive-mind. It wasn't particularly constructive (though not any less so than 90% of the other comments), I understood the downvotes, but proved my point.

People just ... don't post. It's not that weird. And then one day, 5 years after their first post, they decide to.

This is such a great example, and I'll voice what you let speak for itself. No one was accusing that user account of being hijacked. Because the Arsians at large agreed with it (as do I, FTR).

The first reply to it:

Thank you for your service, very sincerely. Duty and honor are not always easy burdens to carry.

 

[Aurich]

A few years ago, one of my comments was accused of being a hi-jacked account. I was 17 years in with 100+ comments, only a handful of which had been had been posted in recent years. My comment did not toe-the-line quite enough with the hive-mind. It wasn't particularly constructive (though not any less so than 90% of the other comments), I understood the downvotes, but proved my point.


This is such a great example, and I'll voice what you let speak for itself. No one was accusing that user account of being hijacked. Because the Arsians at large agreed with it (as do I, FTR).

The first reply to it:

When you did suddenly start posting more it's because there was an issue that was important to you being discussed in pretty passionate terms. Suddenly being silent wasn't your call anymore, and you wanted your voice to be in the mix. Which I very much appreciated.

Not everyone has 30,000+ posts and an opinion on everything and anything and won't stop typing. Ahem.

 

[papadage]

Who are you talking about, newb?

 

[Aurich]

Who are you talking about, newb?

Listen youngster.

 

[BigP]

What isn't normal is making thousands of posts on in a forum. We're the weirdos.

Seriously. . .

 

[papadage]

View attachment 101031View attachment 101032

Listen youngster.

Feels good to be caled young at my age. Thanks!

 

[cogwheel]

View attachment 101031View attachment 101032

Listen youngster.

Calling @Happysin and @Frennzy, it's time to show this noob what real posting is.

 

[Happysin]

 

[pokrface]

Sit down, children.

 

[papadage]

Sit down, children.

You post slow, gramps.

 

[Doomlord_uk]

I can well imagine sleeper accounts being set up all over the web, it's an obvious tactic for people/orgs with an agenda to promote. I don't think that is a security concern, obviously. I seem to vaguely at least recall Ars imposing a password reset or two so probably these aren't hacked accounts, or they are hacked accounts that came from hacked e-mail accounts. Anyway... the issue isn't really how old or dormant these accounts are, just that they are a red flag for certain types of undesirable behaviour - promoting dis-info (aka lying), brigading, or whatever.

Not sure at all the admins want to start policing content at that level, but no reason 'concerned citizens' in the rank and file of the forum's membership can't themselves organise to tackle these folk. I forget how many downvotes it takes to get someone hidden, but if it's X and you have X+1 on duty that day, you can silence the opposition quite quickly all by yourselves

 

[ramases]

Sleeper accounts.

Who knew?

I live in a country where there is significant Russian influence; influence, as in one of our former foreign ministers danced with Vladimir Putin on her wedding, then fucked off to Lebanon after the bums got thrown out of government (alas not permanently, by the looks of it), and now sits in Saint Petersburg as a sort-of modern-day Tokyo Rose.

I also happen to know a bunch of IT people at local newspapers, and also other folks.

We know for a fact that there are foreign-paid acteurs engaging in the comment sections of places like national newspapers; we also know that they go to considerable extend in sourcing accounts, creating content, and shaping posting history so they don't immediately get noticed.

Registering accounts and posting once of twice in advance seems like such an elementary and cheap action that it would seem foolish to assume people who we already know are spending considerable resources on this would be like, "nah, too expensive and bothersome".

So the weird thing is that sleeper propaganda accounts very much are a thing in some parts of the web.

It's just that Ars in general and the Box in particular would be some very odd place to engage in this; compared to the comments section of larger media or the hellscapes of verbal diarrhoea that passes as Twitter (or much of FB/Insta) these days the cost/benefit ratio of doing this on 1) Ars, and 2) in the Box, just seems ... woeful.

Let alone the bother of going out and looking for compromised or compromiseable accounts on a (no disrespect intended, Arsfolks ) rather niche part of the web.

 

[Doomlord_uk]

I could be wrong but Ars isn't that niche, by forum standards. And given, as you note, the cheapness of acquiring sleeper accounts or creating them, why wouldn't you do this on every forum. You'll have more luck/influence in some places than others but ahead of time, especially years ahead of time, that might not be so easy to guess where that will be.

 

[Aurich]

I mean, look, I'm just gonna be real, if there's some nation state wasting their resources paying people to spend their time arguing with people in our comments ... I'm okay with that?

Like, best of luck with that.

 

[uid1]

Similar thing on Slashdot in 2016.

I forget details on how their karma / frequency of posting / etc. worked, other than a low user id indicating an early account registry.


Low user id accounts suddenly posting a lot about "Killary" and "Glowball Warming" and such crap.

Definitely had a feel of a significant number of dormant, unrecognized users, with old accounts suddenly actively pushing an agenda.


Cannot remember if it was before or after November, 2016, but it led me to finally abandon that site permanently.

I came straight here, eventually registered an account, and proceeded directly to mostly lurking.

 

[ImpossiblyStupid]

Like, best of luck with that.

I'd be saying something similar, but for the fact that it seems to be working. Luck is not a factor. It's not a waste of resources to pay someone in China or Russia to steal the time/productivity of even a single US worker, it's a 5x force multiplier. I leave it as an exercise for the reader to do the math for countries that are not fans of the US with even lower per capita incomes.

In fact, it has worked so well, it's got us fighting each other! Sure, it's much worse on other sites than on Ars, but none of it is good. Being OK with it is only going to lower the level of discourse here.

 

[Aurich]

I'd be saying something similar, but for the fact that it seems to be working. Luck is not a factor. It's not a waste of resources to pay someone in China or Russia to steal the time/productivity of even a single US worker, it's a 5x force multiplier. I leave it as an exercise for the reader to do the math for countries that are not fans of the US with even lower per capita incomes.

In fact, it has worked so well, it's got us fighting each other! Sure, it's much worse on other sites than on Ars, but none of it is good. Being OK with it is only going to lower the level of discourse here.

Eh, I think people put too much on this idea that it's foreign trolls, and not that our fellow citizens are morons.

 

[Scotttheking]

Eh, I think people put too much on this idea that it's foreign trolls, and not that our fellow citizens are morons.

Oh feh, I’ll bite.

(Deleted blurb about qualifications) I have no basis to opine that the answer is yes, and...

Most of them, I’d guess, are readers who made an account to post, and now reactivated them. The NASA one above has a post history about a NASA project, then another about quitting 6 years later. Sounds like a long time reader.
Plenty of tech folks with wacky views, and Trump legitimized saying all the crap out loud.

Some small number are probably trolls who got them from a shared password breach.

The astroturfing, troll farm, influence building ones are more likely to have a built posting history and are being used to create material to reference elsewhere, but really, social media is so easy to manipulate that seeding topics on forums is less valuable now. And short of a lot of research to produce guidance from CISA, there’s not much to be done here. We know from the news there was active work to combat misinformation being spread on social media. If I were at one of the nation-state groups working to destabilize the US, I’d mostly be sitting back marveling at how my 2016 work is so successful.
Maybe there’s a few, but they were way more active in 2016 than now.
It’d be great to kill their accounts everywhere, and it won’t happen, and if it did, they’d find new ones.

All that to say that if I had a magic wand, I’d wave it to lock out or reset old accounts all over the Internet, but it’s of limited use now, and the vast majority are Americans emboldened to say this crap, and trained from social media that of course they are right.

(Aurich, I’m agreeing with you with some added nuance)

 

[ramases]

The astroturfing, troll farm, influence building ones are more likely to have a built posting history and are being used to create material to reference elsewhere, but really, social media is so easy to manipulate that seeding topics on forums is less valuable now.

This is pretty much where it comes down to myself.

Keeping your stuff up and visible at Ars is a lot more difficult than in other places, and some of those other places just have a way higher reach, and a much better network effect than Ars does.

 

[Aurich]

The real paid trolls don't show up to go lol Donald Trump won nah nah nah. They don't need to, people do that for free already.

Actual agitators get AI-generated photos of white women, cosplay as Democratic soccer moms, and then start asking questions and pushing divisive rhetoric under the guise of being on your team.

"I support Joe Biden, but I'm worried about my daughter playing on on a soccer team with trans people" etc.

 

[ImpossiblyStupid]

Eh, I think people put too much on this idea that it's foreign trolls, and not that our fellow citizens are morons.

That's to my second point. There is a feedback/snowball effect that allows the trolling to amplify the morons. That's a big part of why I don't think shrugging and being above it all is to our advantage. I would hope Ars is at least interested enough to have a security apparatus to analyze your logs and look for patterns of abusive behavior.

Some small number are probably trolls who got them from a shared password breach.

Which isn't really an Ars security/hacking issue, of course. Certainly more could be done to reduce that problem, but accounts are so easy to create from scratch that there is marginal utility in locking down old accounts.

The astroturfing, troll farm, influence building ones are more likely to have a built posting history and are being used to create material to reference elsewhere, but really, social media is so easy to manipulate that seeding topics on forums is less valuable now.

That is very true. What Ars gets them is basically some slight increase in respectability and the ability to point to someplace other than another social media echo chamber. After all, that's why this thread is about old accounts behaving badly; people overvalue attributes like that.

If I were at one of the nation-state groups working to destabilize the US, I’d mostly be sitting back marveling at how my 2016 work is so successful.

No kidding! But that doesn't appear to be happening. There's no reason to stop until the job is done.

All that to say that if I had a magic wand, I’d wave it to lock out or reset old accounts all over the Internet

My magic wand would be to eliminate the "anonymous" global reach of the Internet (and most other technologies). Humans just aren't adapted for the large social anarchies we have today. Local communities seem to be inevitably negatively effected by outside influences they cannot identify.

 

[Aurich]

We're not going to flag your account for not posting in a while, or changing your IP address. None of that stuff is really helpful. People don't post, they use VPNs.

The basic issue remains that if an account—old or new—is posting problematic things we'll moderate it. Otherwise we're not going to worry about it.

 

[s@nDOk@n]

If we didn't have an enemy to fight, we'd invent one. Didn't we do the same with god so we could argue about the troll?

 

[Skoop]

have a security apparatus to analyze your logs and look for patterns of abusive behavior.

We do. It's called reporting. If you see abusive behavior, report it and let the moderation team take care of it.

 

[ImpossiblyStupid]

We do. It's called reporting.

I was hoping for something slightly more sophisticated than Whac-A-Mole. I foresee a rough few years ahead for Ars.

 

[Aurich]

I was hoping for something slightly more sophisticated than Whac-A-Mole. I foresee a rough few years ahead for Ars.

I see a rough few years ahead for the whole freaking world.

 

[The Sheep Look Up]

I see a rough few years ahead for the whole freaking world.

Ouch, right in the recognition of reality.

 

[JustReadingArs]

'affable100' think I found the longest lurking account yet!! 22 years, first post today!

Edit: sorry didn't mean to imply it was a trolling post, just amazed at the restraint to even post/comment on Ars after that long.

 

[Jeff J]

'affable100' think I found the longest lurking account yet!! 22 years, first post today!

That's the first time I've noticed a link to the reply button instead of the post. I usually copy the link from the date.

 

[JustReadingArs]

That's the first time I've noticed a link to the reply button instead of the post. I usually copy the link from the date.

Whoops, wasn't sure how to link to the direct post, thanks I'll try that in the future.