Listen to this Post
Introduction:
A new global index has pulled back the curtain on the shadowy economy fueling online manipulation, revealing that the cost of a fake social media account can be as low as eight cents. The Cambridge Online Trust and Safety Index (COTS) tracks the real-time market prices for SMS verifications used to create bot armies across over 500 platforms, from TikTok to Amazon, exposing a transnational grey market that makes misinformation, fraud, and political influence campaigns a readily available commodity.
Learning Objectives:
- Understand the structure and economics of the “online manipulation economy” as revealed by the Cambridge Index.
- Learn to identify the technical and behavioral markers of sophisticated bot networks.
- Implement practical defenses for individuals and organizations to detect and mitigate the impact of malicious bot activity.
You Should Know:
- The Anatomy of the “Manipulation Economy”: SIM Farms and Verification Markets
The foundation of modern bot armies is the SMS verification. Platforms use this to confirm a human is creating an account, but a murky global marketplace has emerged to bypass it. Vendors operate “SIM farms”—physical banks containing thousands of SIM cards or virtual numbers provided by Communications Platform as a Service (CPaaS) providers. These vendors purchase SIMs in bulk; since one SIM can verify an account on hundreds of different platforms, they profit by selling high-demand verifications for apps like Telegram or Facebook, then offering verifications for countless other services.
Step-by-step guide explaining what this does and how to use it:
How It Works: A buyer visits a vendor site, selects a target platform (e.g., X/Twitter) and a desired country for the phone number, and pays. The vendor’s automated system provides a phone number. The buyer uses this number to register on the platform, receives the SMS verification code via the vendor’s system, and completes the account creation.
The Price of Manipulation: The COTSI data reveals stark cost differences driven by SIM card regulations. Verifying a fake account averages $4.93 in Japan and $3.24 in Australia, but only $0.26 in the US, $0.10 in the UK, and $0.08 in Russia. Platforms with the cheapest global average fake accounts include Meta and Shopify at $0.08, X and Instagram at $0.10, and TikTok and LinkedIn at $0.11.
- Bots as a Service: From Vanity Metrics to Election Interference
This market services a wide range of “inauthentic activity”. Researchers note that for just ten euros (about $11), one can purchase approximately 90,000 fake views or 200 fake comments for a social media post. The demand is not just for vanity. Analysis of 61 national elections found that the price of fake accounts for direct messaging apps Telegram and WhatsApp spiked by an average of 12% and 15%, respectively, in the 30 days before a vote. This price surge indicates heightened demand for locally registered accounts to run concealed influence operations.
Step-by-step guide explaining what this does and how to use it:
The Election Playbook: Influence operators need local phone numbers for WhatsApp/Telegram because these apps display a user’s country code. To target a specific electorate, they must purchase verifications from within that country, driving up pre-election demand and prices.
Platform Arbitrage: For platforms like Facebook or Instagram, where an account’s origin is hidden, operators can buy cheap verifications from one country (e.g., Russia for $0.08) and use them to target audiences in another, avoiding election-related price surges. This creates a layered attack surface for disinformation campaigns.
- The AI Evolution: Why Modern Bots Are Harder to Spot
The threat is accelerating with technology. “Generative AI means that bots can now adapt messages to appear more human and even tailor them to relate to other accounts. Bot armies are getting more persuasive and harder to spot,” said study co-lead Dr. Jon Roozenbeek. A 2024 study uncovered a botnet of 1,140 accounts on X using generative AI to conduct automated conversations. Research from Carnegie Mellon University confirms consistent bot behaviors across global events, finding that bots disproportionately use easily automated actions like retweets and form “star” networks to disseminate information, unlike humans’ more conversational “tree” structures.
Step-by-step guide for technical detection:
While sophisticated bots are challenging to identify, IT and security teams can look for network-level and behavioral anomalies.
Analyze Account Metadata: Scripts can flag accounts with suspicious creation patterns (e.g., batches from similar IP ranges).
Example Log Analysis Command (Using grep on server auth logs)
grep "account_created" /var/log/platform/auth.log | awk '{print $4, $5}' | sort | uniq -c | sort -nr | head -20
This shows IP addresses with high volumes of account creation activity.
API Monitoring: Monitor for unusual patterns in API calls that could indicate automated posting or liking behavior.
Behavioral Analysis: Leverage User and Entity Behavior Analytics (UEBA) tools to establish baselines for normal user activity and flag deviations, such as an account posting 24/7 or engaging in repetitive, non-conversational interactions.
4. Defensive Hardening: Strategies for Platforms and Organizations
The Cambridge researchers suggest targeting the manipulation economy’s choke points. Technical and policy defenses include:
Enhancing Verification: Moving beyond simple SMS verification, which is compromised, to more robust methods. This could involve examining the metadata of phone numbers to flag those from known CPaaS providers used by virtual SIM farms.
Transparency Measures: Mandating clear labeling of an account’s country of registration, as recently implemented on X, to help users contextualize content.
Internal Vigilance for Businesses: Organizations should train employees to recognize social engineering attempts that may originate from bot-networks. Security policies should mandate two-factor authentication not reliant on SMS and encourage verification of unusual requests through secondary channels.
- Global Policy as a Technical Control: The SIM Card Chokepoint
The most effective technical intervention may be legislative. The study concludes that SIM card regulation is a key to “disincentivise online manipulation”. The UK became the first European country to ban unauthorized SIM farms in April 2025, and the COTSI index will now measure the policy’s impact. Regulations that make bulk acquisition of SIMs difficult, enforce strict Know-Your-Customer (KYC) rules for purchases, or ban specific devices that house hundreds of SIMs (SIM banks) can directly increase the cost and complexity of mass account creation.
What Undercode Say:
Follow the Money for Defense: The Cambridge Index provides a revolutionary, data-driven lens for cybersecurity and CTI professionals. Monitoring these markets can serve as an early-warning system for impending influence campaigns, shifting threat intelligence from reactive to predictive.
The End of SMS as Security: SMS-based verification is now a broken security model for critical functions. Its continued use represents a significant vulnerability that organizations must urgently work to phase out in favor of more secure authenticator apps or hardware tokens.
Prediction:
We predict a rapid, two-pronged evolution in the online manipulation ecosystem. First, as regulations like the UK’s SIM farm ban take effect, we will see a geographic shift in verification markets to jurisdictions with weaker oversight, accompanied by increased use of hard-to-trace virtual SIMs and cryptocurrency payments. Second, the integration of generative AI will create a new class of “adaptive bots” capable of sustained, context-aware interactions, making network-based detection via APIs and logs even more critical. This will likely lead to an arms race, where platform defenders increasingly deploy advanced AI-driven bot detection models, forcing attackers to find new, more expensive methods of infiltration. The price of a bot army may rise, but its potential for damage will as well.
▶️ Related Video (80% Match):
🎯Let’s Practice For Free:
IT/Security Reporter URL:
Reported By: Mthomasson Bot – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
