A Barracuda Labs study found that the average dealer has the capacity to control as many as 150,000 followers at a time, sometimes more. Those who can control 20,000 fake accounts and can attract sales of $20 or more — the going rate is 1,000 followers for a minimum of $18 — stand to earn roughly $800 per day, according to Barracuda Labs. Keep in mind that very little of this work is manual; the dealers could easily control a system of botnets and set up a few software tools to automate much of the process.
Building an inventory of fake Twitter accounts isn't difficult for anyone with access to an Internet connection and a Web browser.
Fake Twitter accounts need some information — an image to use as an avatar, perhaps some bio content, maybe even some tweets. Twitter provides its API at dev.twitter.com for anyone looking to create applications. Once an app has been created, the developer is given an access token, which Barracuda researcher Ding described as "basically a password for your application." That token can be obtained by simply logging in with a Twitter account, entering a name, a URL and a description of the app the user intends to create. The access token enables the recipient to create an app that connects to Twitter's servers, where all information made public by the site's users is stored, Ding says.
Using Twitter's API, developers can design programs that collect all the information of a given group of Twitter users, such as, for example, the 800,000 users following Mitt Romney's account. These programs don't necessarily hijack these accounts — they copy the images and text from their profiles and tweets. This pool of information can then be automatically ported into accounts based on an algorithm that automates the registration process on a massive scale.