Hidden in Plain Sight: Developing Use Cases That Nefariously Utilize Twitter’s API For The Purpose of Building Covert Communications

With over 182 billion Tweets produced by approximately 330 million accounts on Twitter's social media platform this year, 2019, each account is crafting approximately 552 Tweets. Because of this large volume of traffic and Tweets, the platform is a suitable candidate for a covert channel that is hidden in plain sight, allowing covert communications to exist. The paper discussed in this session, written by the speakers, defines a covert channel as any and all forms of communication that are hidden and pass surreptitiously between the different endpoints. The channel exploits Twitter's APIs and is demonstrated through two use cases: a malware use case and a command and control server design use case. Both use cases have been implemented to send covert messages, execute commands remotely, and exfiltrate data by scraping, parsing, and interpreting an account's user profile page. This establishes ambiguity in both use cases: in a social media environment, communication between the different hosts would eliminate suspicion and mitigate the risk of detection.


Time: May 5 - 11:30 AM
Location: Room 101
Audience Level: Intermediate
Audience Knowledge: Technology background may help, but not needed.


