Twitter Direct Messages to control hacked computers by John Zorabedian.
From the post:
Direct Messages on Twitter are a way for users to send messages to individuals or a group of users privately, as opposed to regular tweets, which can be seen by everyone.
Twitter has expended a lot of effort to stamp out the predictable abuses of the Direct Message medium – namely spam and phishing attacks.
But now, self-styled security researcher Paul Amar has created a free Python-based tool called Twittor that uses Direct Messages on Twitter as a command-and-control server for botnets.
As you probably know, cybercriminals use botnets in a variety of ways to launch attacks.
…
But the one thing we don’t quite get in all of this is, “Why?”
Many security tools, like Nmap and Metasploit, cut both ways, being useful for researchers and penetration testers but also handy for crooks.
But publishing a free tool that helps you operate a botnet via Twitter Direct Message seems a strange way to conduct security research, especially when Twitbots are nothing new.
…
Amusing indignant stance by naked security on yet another tool for controlling botnets.
Notice the “self-styled security researcher,” I guess Anonymous are “self-styled” hackers and “…a strange way to conduct security research…,” as though anyone would make appoint naked security as security research censor.
Software is neither good nor bad and the conduct of government, police departments, corporations, security researchers has left little doubt that presuming a “good side” is at best naive if not fatally stupid.
There are those who, for present purposes, are not known to be on some other side but that is about as far as you can go safely.
You can find a highly similar article at: Tool Controls Botnet With Twitter Direct Messages by Kelly Jackson Higgins, which supplies the link missing from the naked security post:
Twittor is available on Github.
Kelly reports that Amar is working on adding a data extraction tool to Twittor.