In August thousands of automated accounts turned on bot researchers from The Atlantic Council’s Digital Forensic Research Lab (DFR Lab).
And once your botnet is caught, due to holes in Twitter’s security and sign-up features, it takes only a few minutes to do it all over again.“It requires very little computing power to fire this stuff out,” Maxim Goncharov, a senior threat researcher at cybersecurity firm Trend Micro who has studied the trade of social media bots, told The Daily Beast.
But they work, come with functioning email accounts, and can be used to tweet without immediately raising any alarm bells at Twitter.
Delivery of the accounts is near instant, and is done largely automatically, with no direct human interaction required.
Other pieces of software such as Twidium offer much of the same capabilities, and allow a botnet owner to post tweets, follow other accounts, or do pretty much anything else with a collection of accounts all at once.
(In The Daily Beast’s tests, Twidium relies on Twitter’s API, which in turn needs accounts to be linked to a phone number).