Twitter Used To Control Botnet Machines

Posted by ScuttleMonkey
from the it's-all-spam-to-me dept.
DikSeaCup writes "Arbor Networks' Jose Nazario, an expert on botnets, discovered what looks to be the first reported case of hackers using Twitter to control botnets. 'Hackers have long used IRC chat rooms to control botnets, and have continually used clever technologies, such as peer-to-peer strategies, to counter efforts to track, disrupt and sometimes decapitate the bots. Perhaps what's surprising then is that it's taken so long for hackers to take Twitter to the dark side.' The next step, of course, is to code the tweets in such a way that they aren't so suspicious."
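
For defenders watching a feed of short status posts, the "suspicious" quality the summary mentions can be checked mechanically. The following is an added example, not part of the original post or of Arbor's tooling: it flags posts carrying strict base64 tokens that decode to text, then lists accounts where such posts dominate. The function names, the 0.9 and 0.5 thresholds, and the sample feed are assumptions made for illustration.

```python
import base64
import binascii
import re
from collections import defaultdict

# Runs of base64-alphabet characters long enough to carry a command or URL.
CANDIDATE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
MIN_PRINTABLE = 0.9  # assumed threshold: share of decoded bytes that must be text


def decode_candidate(token):
    """Return the decoded text if token is strict base64 hiding text, else None."""
    if len(token) % 4:
        return None
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    if not raw:
        return None
    texty = sum(1 for b in raw if 32 <= b < 127 or b in (9, 10, 13))
    if texty / len(raw) < MIN_PRINTABLE:
        return None  # long ordinary words decode to binary noise and land here
    return raw.decode("ascii", errors="replace")


def scan_feed(feed):
    """Map account -> list of (message index, decoded text) for flagged posts."""
    hits = defaultdict(list)
    for idx, (account, text) in enumerate(feed):
        for token in CANDIDATE.findall(text):
            decoded = decode_candidate(token)
            if decoded is not None:
                hits[account].append((idx, decoded))
    return dict(hits)


def accounts_to_review(feed, min_share=0.5):
    """Accounts whose share of flagged posts is at least min_share."""
    totals = defaultdict(int)
    for account, _ in feed:
        totals[account] += 1
    flagged = {a: len({i for i, _ in h}) for a, h in scan_feed(feed).items()}
    return sorted(a for a, n in flagged.items() if n / totals[a] >= min_share)


# Constructed sample feed; the first acct_x string is the one quoted in the thread.
SAMPLE_FEED = [
    ("campus_alerts", "The DC campus will be closed until tomorrow."),
    ("campus_alerts", "internationalization workshop moved to room 12"),
    ("acct_x", "d2hpbGUgKHRydWUpIHsNCiAgICBwaW5nIHR3aXR0ZXIuY29tDQp9"),
    ("acct_x", "aGVsbG8gd29ybGQsIHRoaXMgaXMgYSB0ZXN0"),
]

if __name__ == "__main__":
    for account, found in scan_feed(SAMPLE_FEED).items():
        print(account, found)
    print(accounts_to_review(SAMPLE_FEED))
```

The heuristic only catches plainly encoded tokens; text re-encoded as ordinary-looking words passes unflagged, so account-level behaviour still has to be reviewed alongside it.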

  • sweet (Score:2, Insightful)

    by Eleed (97915) *

    More reasons to hate Twitter

    • by JobyOne (1578377)
      So I guess you also hate IRC, email, HTTP, and all the other myriad ways hackers communicate with botnets...

      OMG! YOU HATE THE INTERNET!
  • Sure, but (Score:5, Funny)

    by operator_error (1363139) on Friday August 14, 2009 @04:38PM (#29070671)

    Sure Twitter is just a large botnet, but is anyone really in control?

    • by Anonymous Coward

      d2hpbGUgKHRydWUpIHsNCiAgICBwaW5nIHR3aXR0ZXIuY29tDQp9

      • by mysidia (191772)
        @dee2 h please be Good Until green Kolored Hairy Rhinos yawn down Well Unless princes Interpret Hovels sorted Next Child in A giant Integrated Central Branch walk and Width 5 near Integrated Hold Rope 3 at Xlation Ragged 0 Zith Xwings In up Yonder 29 through Defense Quadrant port 9
  • Holy shit! (Score:5, Funny)

    by SatanicPuppy (611928) * <Satanicpuppy@ g m a i l . c om> on Friday August 14, 2009 @04:41PM (#29070721) Journal

    Who knew Twitter had a use?!?!

    • Re: (Score:2, Redundant)

      by AP31R0N (723649)

      Twitter has plenty of uses. The issue has been that its primary use is reinforcing the ego-centrism of teenagers. Cars and planes were derided as toys when they were invented. Twitter (read: mircoblogging) has tons of potential just waiting for imaginative developers.

      Where i work i proposed using it to send alerts to students and faculty. "The DC campus will be closed until tomorrow. Ashburn campus will open at 1030". (guess where i work)

      "Students of Macroecon 101, Tuesday class. Your professor was

      • Re:Holy shit! (Score:5, Insightful)

        by Korin43 (881732) on Friday August 14, 2009 @05:47PM (#29071465) Homepage
        So basically we need email, but with a 150 character limit?
        • Re: (Score:1, Flamebait)

          by AP31R0N (723649)

          *groan* Yes, dear. Well done. You're smarter than everyone.

          • Re:Holy shit! (Score:4, Informative)

            by timeOday (582209) on Friday August 14, 2009 @07:42PM (#29072441)
            I think he's right. I asked a twit co-worker what the heck it was for, and he said aggregating all the various sorts of information, email, texts, rss, etc. My question was why did we split them up in the first place? It should all be email. (Especially texts, I'll never accept that one). Now get off my Korean lawn.
            • by JobyOne (1578377)
              I, personally, don't want news items cluttering up my email.

              If every website that I subscribe to via RSS were to email me every post...I'd never actually answer emails from other humans.

              There's something to be said for compartmentalizing your incoming data.
        • by Vexorian (959249)
          Perhaps that's really the thing with it? I guess that when you read a twit/whatever you know it won't take you more than what it takes to read 150 characters, with email, that's different, you could spend ages reading some message...
          • by rubi (910818)

            Perhaps that's really the thing with it? I guess that when you read a twit/whatever you know it won't take you more than what it takes to read 150 characters, with email, that's different, you could spend ages reading some message...

            Especially with some people that seem to need to write a novel just to tell you "we need you to do this ...."

          • by Korin43 (881732)
            I guess that's true. Everyone tries so hard to make their emails look fancy instead of just saying "Attention Students: Classes will begin on August 24th." It's got to be an HTML email that looks exactly like their website and has like 30 pictures... But as a person sending emails, switching to Twitter isn't necessary, all you need to do is stop sending such massive emails.
            • by DikSeaCup (767041)
              You know, I miss Pine because of this. I'll admit to using a HTML in email now, if only to use a custom font (nothing else though). Honestly, that's because I got complaints that my plain text emails looked "Boring" from the Director of Communications and was advised to change.

              Oh and yay me for my first accepted submission!
      • by michaelhood (667393) on Friday August 14, 2009 @05:50PM (#29071495)

        Twitter (read: mircoblogging) has tons of potential just waiting for imaginative developers.

        Funny slip that you should call it "mircoblogging" since Twitter is basically logged IRC without channels (hashtags even use #) and a dysfunctional search. Welcome to 15 years ago, kids.

        • I knew there was a reason I avoided IRC! I prefer my electronic communications to be asynchronous.

        • by radish (98371)

          As someone who's spent a lot of time on IRC, no - no it isn't. If you want to equate it to IRC it's more like a setup where everyone has their own channel, and you can join many in a single session with the messages all being merged.

        • Twitter (read: mircoblogging) has tons of potential just waiting for imaginative developers.

          Funny slip that you should call it "mircoblogging" since Twitter is basically logged IRC without channels (hashtags even use #) and a dysfunctional search. Welcome to 15 years ago, kids.

          Aside from seeing only what you actively ask to see, no netsplits, no egotistical server ops or chanops, one common protocol controlled by a single entity who provides a public API (in comparison to the flawed IRC RFC and the dozen different incompatible implementations of it) .. oh wait - it's got practically nothing in common with IRC at all ;)

      • Not at all true. You could use a full featured blog or email or irc to do what you said. And zomg all of those options would be better. If you give me one situation where twitter is better than the 3 options i've listed i'll shit my pants.
        • Re: (Score:3, Funny)

          by AP31R0N (723649)

          No can do. i'm entirely too stupid. i am so humbled before your superiority that all i can manage is to tell you how dumbfounded i am at your magnificence. You're clearly smarter than all the people working on using twitter for these applications. You could be the hero who saves the world, why are you keeping this secret to yourself? Save us!

          • by TheSpoom (715771) *

            Twitter is all marketing.

            You have not given a reason why it is better than existing solutions, such as Facebook (which I believe has nearly all the functionality of Twitter, perhaps with the exception of the @ and # direction codes for status messages).

            The only thing Facebook currently doesn't have is SMS status updates, and many, many phones now come with, well, web browsers and specialized apps that can access all of Facebook's content.

            So, again. What is the point of Twitter? Because I still haven't fig

            • by DikSeaCup (767041)
              Facebook: To be "Friends" you have to have a mutual agreement to be so. On Twitter, I can follow Adam Savage (@donttrythis), Neil Gaiman (@neilhimself), and others (oh yeah, Wil Wheaton @wilw), but they don't have to follow boring old me. You could say that you could have this interaction on Facebook with the Fan pages, but I don't know if it would necessarily be the same.

              Honestly though I'm not going to get much more into justifying Twitter. It can be a colossal waste of time. I don't understand it
        • by jofny (540291)
          Twitter forces brevity and conciseness of communication which is often a beneficial attribute...and it's something which neither irc, nor email, or blogging do. RSS, which DOES shorten things, has a lot of fail when it comes to typical data sources (like blogs) which were not written with the intent of being short and so lose fidelity.

          Twitter also can be used with built in sms on phones easily and quickly. Email can, too, but you have to select a distro ahead of time...which loses twitter's second commun
        • The difference I see is that twitter is subscription-based - that is, you don't receive updates from people or places you don't want to, ever. This means there's no concerns around spam, or valid email lost in spam; or needing to go to ten different web sites to check the status of ten different services...
      • by jo42 (227475)

        Where i work i proposed using it to send alerts to students and faculty.

        Then you need a mailing list manager, such as Mailman [list.org] on your campus network. Guaranteed to have a much better up time and long term availability than Twatter.

    • Re: (Score:3, Funny)

      by davester666 (731373)

      Somebody finally found a way to monetize Twitter!

  • Reliable (Score:5, Insightful)

    by Marillion (33728) <ericbardes@gmail . c om> on Friday August 14, 2009 @04:42PM (#29070739)
    Twitter isn't as reliable as IRC.
  • by Ponga (934481) on Friday August 14, 2009 @04:42PM (#29070747)
    This is about as interesting and informative as everything else being posted to Twitter!!
    http://www.wired.com/images_blogs/threatlevel/2009/08/botnet_arbor.jpg [wired.com]
    :D
  • by neonprimetime (528653) on Friday August 14, 2009 @04:44PM (#29070781) Homepage
    There's something ironic about this finding, given that Russian hackers allegedly used a botnet to take Twitter down for two days last week. But we won't go down that rabbit hole.
  • by sootman (158191) on Friday August 14, 2009 @04:53PM (#29070895) Homepage Journal

    "Twitter Used To Control Botnet Machines"

    It used to, but it doesn't anymore, right?

    • It's actually only a problem in the pure *written* language.

      But nooo, adding some characters for emphasis, and emoticons for the emotions is childish and taboo. Way to go.

      I think emoticons are the greatest addition to written language, since the invention of white space and punctuation. If not even more important. :)

      Only emotional train wrecks and ice blocks could oppose them.

  • anytime someone says "Cowboy Neal" do something bad to microsoft

  • You go Jose! (Score:5, Interesting)

    by GPLDAN (732269) on Friday August 14, 2009 @04:57PM (#29070933)
    Jose and those guys at Arbor are doing really concrete things to curb botnets and malware contagion. They have their gear in a great number of peering points around the world, and are correlating huge amounts of data into discrete patterns. I've seen Jose speak a couple of times, and I am impressed by the manner in which they are finding the ghosts who think they can't be found.
    • Re:You go Jose! (Score:5, Interesting)

      by 99BottlesOfBeerInMyF (813746) on Friday August 14, 2009 @05:38PM (#29071343)

      I've seen Jose speak a couple of times, and I am impressed by the manner in which they are finding the ghosts who think they can't be found.

      I haven't talked to Jose for a while, but last I heard he and the other guys were doing well finding new types of malware and separating out malicious network traffic that is hard to differentiate from legitimate traffic. That said, they were not really doing things to find the one off attacks perpetrated by people who weren't interested in large scale and automated network attacks. The people I'd call ghosts are the ones who do small scale, specifically targeted attacks to get what they want, then walk away. If you're running a botnet, you aren't being very ghostlike; maybe more vampire like :)

      • maybe more vampire like

        For a botnet, I think you've got the wrong undead example. You want ghouls or something....

  • Crowdsourced botnet (Score:3, Interesting)

    by Kligat (1244968) on Friday August 14, 2009 @04:58PM (#29070939)

    Wouldn't it be weird if someone made a botnet that would follow the directions of anyone that posted on Twitter, with people being able to suggest one command per day that would get upped or down by the masses? Aside from the programmer, who would be held responsible if it were operated like that?

  • by hesaigo999ca (786966) on Friday August 14, 2009 @04:59PM (#29070955) Homepage Journal

    Anything that can be pinged and return any sort of tcp/ip packets could be a control center if the contents of the packets can actually
    be translatable and have been mapped accordingly.

    ie- ftp server has certain verbose return that may be configured based on what is being done, so the botnet program calls home to an ftp server...looking like a plain jane communication to any one looking. It tries a few different commands to which the ftp server can reply (with error messages) it can not proceed, however inside the ftp server error message is a text string that contains certain
    key phrases.

    This scenario is similar to steganography, of hiding in plain sight, inside an image, the contents of data....
    I think it's cool to be able to pass off information that is hidden to regular onlookers, but is a lot of coding for nothing if you ask me.

    Set up a twitter account where a particular page has the commands for all your bots to follow, and....wait a minute....

    • All of these have the same flaw as the IRC-driven botnets -- they're basically relying on a single point of failure. All someone has to do is realize that command/control is going through this one point, and the entire botnet can be shut down. Hardly skynet.

      What surprises me is how few botnets (if any) have used truly peer-to-peer systems, like, say, Freenet. Indeed, while Freenet itself may be too high bandwidth and too complex for this, it does have one advantage -- you can't block part of Freenet without

  • by lymond01 (314120) on Friday August 14, 2009 @05:00PM (#29070975)

    No onE would Think of uSing slashdoT As we aRen'T nearly as oBviOus as someThiNg likE Twitter. // Especially with all our talk about supporting Linux and such.

    • by Pulse_Instance (698417) on Friday August 14, 2009 @05:30PM (#29071255)
      We use linux to read slashdot so your net start does nothing to us.
    • You missed the capitalized spaces between the command words.

      Besides....how are you going to use the botnet infection to start the botnet infection?

      You clearly haven't thought this through.....

      • by lymond01 (314120)

        The botnet code, having been installed as a hidden service in Windows since, oh, summer 2001 when I was bored with dissecting live squirrels, parses only capital letters and takes a lowercase n (without a following escape ') as a space.

        I'm not saying that all your base, but I might.

        • Good try. But there's one extra n in there, in uSing.

          net s tart botnet

          You must have had some of MS's programmers help you with the coding. That's why I'm not worried......

  • by wibald (725150) on Friday August 14, 2009 @05:03PM (#29071003)
    Sure they tried using Twitter to control their botnet but after sending out one set of instructions they got bored and went back to playing MafiaWars on Facebook.
  • Perl (Score:5, Funny)

    by BJ_Covert_Action (1499847) on Friday August 14, 2009 @05:12PM (#29071085) Homepage Journal

    The next step, of course, is to code the tweets in such a way that they aren't so suspicious

    And people said that perl obfuscation, poetry, and golf tournaments didn't have any practical application. Ha!

  • [to be posted [today.com] uh tomorrow, probably]

    Only 98% of Twitter updates are "pointless babble," says a new report that studied 2,000 tweets over a period of two weeks.

    The top category was "pointless babble" tweets, with nearly 98% of tweets being inanity no sane person could want to read, retweets of inanity, links to inanity, retweets of links to inanity and retweets of retweets of links to links to the reretweet itself. And camera phone pictures of bowel movements on Twitpic.

    Almost 2% was Stephen Fry, Neil Gaiman or retweets thereof and the rest was Warren Ellis posting scatological abuse of his fans.

    Botnet command messages were becoming more popular, many disguised as combinations of the syllables "lol" "wtf" "d00d" "RT" and "#fb" or scatological abuse of Warren Ellis's fans.

    Twitter's demographics as of June 2009 were 55% female, 43% ages 18 to 34, 78% white, and 99.5% of such short attention spans that Facebook might as well be War and Peace. Botnet readership was considered likely to rise as soon, nothing with organic intelligence would be able to cope.

    Twitter recently redesigned its homepage, changing the tag "What are you doing now?" to "Post tomorrow's CNN headlines, particularly about #goatse."

  • Sometimes the qdb.us [qdb.us] quote database site has gibberish in its user moderated queue [qdb.us] which may be control commands. I used to think it was just some idiot auto posting junk to mess with the site, but who knows

    Here are some that may be disappearing soon, because they'll be moderated down.
    298870 [qdb.us]
    298871 [qdb.us]
  • by Simon80 (874052)
    Hmm, where have I seen that logo [andreasn.se]?
  • by Patchw0rk F0g (663145) on Friday August 14, 2009 @06:43PM (#29071949) Journal

    There ain't any technology that one human(s) can come up with that another human(s) can't corrupt.

    I don't care how quick, savvy or exotic you are, you're not going to foil everyone forever. I figure it's just a state of grace we have: there's a situation whereby the technology is benign, if asinine; a state whereby it's corrupted, abused and malicious; and a state whereby it's antiquated, unused, and maligned.

    I hope Twitter's now made it to that last stage now.

  • "Hackers have long used IRC chat rooms to control botnets, and have continually used clever technologies, such as peer-to-peer strategies

    Is this as opposed to unclever technologies, such as the wheel or the Post-It(tm) note?

    You can tell the propaganda is taking hold when someone who is presumably technology friendly (Ryan Singe, author of TFA) has fallen into the current popular media bias.
  • Surprised that no one has tried to make a connection between this discovery (of the botnets) and the (US Government's) request that Twitter remain online during the recent election protests in Iran.
