Adam St. Onge


The weakest link in detecting Botnets is typically the communication channel. What if there was a possibility to leverage existing high volume communication channels such as social networks for the command and control traffic of a botnet? Utilizing a social network such as Twitter, has many advantages over alternative methods, when done properly it is easier to hide in plain site due to the high volume of normal chatter, the protocol and traffic is already established as a known protocol to many security systems and antivirus software, and it is highly available across the globe. Twitter is aware of their potential for people using their network for nefarious purposes so they have developed a series of advanced protection mechanisms that need to be bypassed. The simplest solution would be to acquire an API key for access to programmatically post and fetch messages to Twitter but that would introduce a substantial weakness to the system. In the event that the traffic was identified once, Twitter could withdraw the API key and effectively shut down the botnet. To avoid this weakness we utilized web scraping technology and the mobile web site of twitter, which has a smaller set of protection mechanisms. The system is implemented in Python utilizing an open source library, Mechanize to scrape the mobile web site. There were challenges encountered in successfully accessing Twitter's web site that are shown. New social networks are being built everyday and the opportunity for utilizing these types of networks for communications of botnets presents a large opportunity and ultimately an urgent need for these network owners to become aware of the potential uses of their systems.

Library of Congress Subject Headings

Twitter--Security measures; Computer networks--Security measures; Online social networks--Security measures

Publication Date


Document Type


Student Type


Degree Name

Networking and System Administration (MS)

Department, Program, or Center

Information Sciences and Technologies (GCCIS)


Bill Stackpole

Advisor/Committee Member

Sylvia Perez-Hardy

Advisor/Committee Member

Daryl Johnson


Physical copy available from RIT's Wallace Library at TK5105.59 .S76 2014


RIT – Main Campus

Plan Codes