Serf and Turf: Crowdturfing for Fun and Profit

Popular Internet services in recent years have shown that remarkable things can be achieved by harnessing the power of the masses using crowd-sourcing systems. However, crowd-sourcing systems can also pose a real challenge to existing security mechanisms deployed to protect Internet services. Many of these techniques make the assumption that malicious activity is generated automatically by machines, and perform poorly or fail if users can be organized to perform malicious tasks using crowd-sourcing systems. Through measurements, we have found surprising evidence showing that not only do malicious crowd-sourcing systems exist, but they are rapidly growing in both user base and total revenue. In this paper, we describe a significant effort to study and understand these “crowdturfing” systems in today’s Internet. We use detailed crawls to extract data about the size and operational structure of these crowdturfing systems. We analyze details of campaigns offered and performed in these sites, and evaluate their end-to-end effectiveness by running active, non-malicious campaigns of our own. Finally, we study and compare the source of workers on crowdturfing sites in different countries. Our results suggest that campaigns on these systems are highly effective at reaching users, and their continuing growth poses a concrete threat to online communities such as social networks, both in the US and elsewhere.

💡 Research Summary

The paper investigates a newly emerging threat on the Internet known as “crowdturfing,” which combines the large‑scale human labor of crowdsourcing with the deceptive, propaganda‑style tactics of astroturfing. The authors define crowdturfing as a three‑tier system: customers who launch campaigns, agents who manage and distribute tasks, and workers who perform the tasks for monetary compensation. While traditional security mechanisms (CAPTCHAs, behavior‑based detection, machine‑learning filters) assume that malicious activity is generated by automated scripts, crowdturfing subverts these defenses by employing real humans to carry out large‑scale, policy‑violating actions.

The study focuses on two of the biggest Chinese platforms that host crowdturfing activities: Zhubajie (ZBJ) and Sandaha (SDH). Using a custom crawler, the authors collected comprehensive data from September 2011 onward, including campaign descriptions, start/end times, number of tasks, total payment, acceptance/rejection rates, and detailed worker submissions (screenshots, URLs). Their analysis shows exponential growth in both the number of campaigns and the revenue flowing through these sites, indicating a rapidly expanding market.

Two architectural models are identified. Distributed systems rely on instant‑messaging groups, mailing lists, or chat rooms, offering resilience against law‑enforcement takedowns but suffering from low user recruitment, lack of accountability, and fragmented payment channels. Centralized systems, by contrast, operate as public websites that directly connect customers and workers, maintain reputation scores, and automate task assignment and payment. The authors find that centralized platforms dominate in scale, attracting orders of magnitude more campaigns and workers, and providing richer data for analysis.

Task categories fall into four main types: (1) mass creation of fake accounts, (2) posting targeted content on social networks, blogs, and forums, (3) writing positive reviews or endorsements, and (4) disseminating political or commercial propaganda. These tasks are deliberately crafted to evade automated spam filters and detection mechanisms, relying on human timing, language nuance, and interaction patterns that appear legitimate.

To evaluate end‑to‑end effectiveness, the researchers launched their own benign advertising campaigns on one of the platforms. By routing clicks through a controlled redirection server, they measured click‑through rates and conversion metrics, demonstrating that crowdturfing campaigns can achieve cost‑effective user engagement comparable to traditional online advertising.

Geographically, the workforce is highly international. Workers from lower‑income countries (India, Vietnam, the Philippines, etc.) frequently participate in campaigns targeting US‑based platforms, receiving payments via global payment services. This cross‑border labor flow underscores the global nature of the threat and the difficulty of jurisdictional enforcement.

The paper concludes that crowdturfing is a fast‑growing, lucrative industry that poses a concrete threat to online communities such as Facebook, Twitter, and Google+. Existing defenses that focus on bots are insufficient; multi‑layered defenses are needed, including task‑flow analysis, worker reputation systems, payment tracking, and policy‑level interventions. Limitations include the focus on Chinese platforms, lack of longitudinal data on campaign longevity, and limited insight into worker motivations. Future work is suggested to broaden geographic coverage, develop real‑time detection models, and explore legal frameworks for mitigating crowdturfing activities.