"If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology."
-Bruce Schneier
Twitter, the botnet command network
Written by Brian Austin
Sunday, 16 August 2009
Say what you will of Twitter, but the ills of social networking and DDoS attacks against controversial bloggers only scratch the surface. According to security researchers, Twitter has become a command and control channel for botnets. IT World describes the tweets of a now-deactivated account which sent compromised computers instructions designed to gather personal information for a group of identity thieves in Brazil.
Though the discovery is a first for Twitter, it doesn't take an expert to realize that this vector is incredibly promising. It falls under the "malicious content hidden in mundane Internet traffic" channel, which hackers are exploiting with ever-increasing frequency. While services like IRC and chat are being blocked or falling under ever-increasing scrutiny, hackers are quietly moving to other methods of instructing zombie computers, like HTTP/HTTPS. Twitter, in spite of obvious service problems, is a very promising method as its popularity and user base grow, because botnet commands can hide amongst normal tweet traffic.
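One way a defender might look for this pattern in web-proxy logs, as an added example that is not from the original article: a compromised machine tends to poll a single feed on a machine-regular schedule, while a person's visits are irregular. The log format, watched-host list, thresholds, feed path and sample lines are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

WATCHED_HOSTS = {"twitter.com"}  # assumption: services worth watching

def _lines(client, path, times):
    return [f"{t} {client} twitter.com {path}" for t in times]

# Constructed sample, "epoch_seconds client host path" (format is an assumption).
SAMPLE_LOG = "\n".join(
    _lines("10.0.0.5", "/example_account_feed", (1000, 1300, 1601, 1899, 2200, 2500))
    + _lines("10.0.0.9", "/home", (1010, 1025, 1900, 1930, 4000, 4100))
    + _lines("10.0.0.7", "/example_account_feed", (1200, 3300))
    + ["garbled line", "1500 10.0.0.5 example.org /index.html"]
)

def parse(log):
    """Yield (timestamp, client, host, path); malformed lines are skipped."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0].isdigit():
            yield int(parts[0]), parts[1], parts[2].lower(), parts[3]

def find_beacons(log, min_hits=5, max_cv=0.1):
    """Return sorted (client, host, path, mean_gap_seconds) for regular pollers.

    A (client, host, path) group is flagged when it has at least min_hits
    requests and the coefficient of variation of the gaps between them
    (stddev / mean) is at most max_cv, i.e. the timing looks scheduled.
    """
    seen = defaultdict(list)
    for ts, client, host, path in parse(log):
        if host in WATCHED_HOSTS:
            seen[(client, host, path)].append(ts)
    flagged = []
    for (client, host, path), times in seen.items():
        if len(times) < min_hits:
            continue  # too few requests to judge regularity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged.append((client, host, path, round(avg)))
    return sorted(flagged)

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print("regular polling:", hit)
```

For HTTPS traffic without TLS inspection a proxy sees only the host, so the grouping key would drop to client and host, and jittered polling intervals need a looser `max_cv`.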