My initial idea was to use a single account but then changed it because of the reason you give. I'd post commands to random accounts from random accounts and use the search facility for the bots to find the commands.
If the commands are then encrypted/encoded they won't see loads of pings and execs they will see either streams of random characters or maybe even something like:
"Watch Hak5.org @ 7"
which would mean start your DOS attack on Hak5 at 7AM. The more "English" you could make the control language the harder it would be for Twitter to work out how to block it without upsetting other users.
As you are at the mercy of Twitter then they will always have ultimate power over your botnet but as they are large and getting larger the amount of time it would take to get code written, checked and rolled out would give you chance to get established and maybe get what you wanted done.
This could also be used as a backup channel to another C&C as an emergency way back into the bot.
If you are posting from random accounts and searching to identify the commands couldn't the bot be controlled by a 3rd party? if someone tracking your botnet figured out your command structure (probably would be hard to do that) then couldn't they post random messages and have control over this botnet? some kind of unique authentication phrase wouldn't be a bad idea
Using twitter as a C&C channel for a bot
in Security
Posted
If you are posting from random accounts and searching to identify the commands couldn't the bot be controlled by a 3rd party? if someone tracking your botnet figured out your command structure (probably would be hard to do that) then couldn't they post random messages and have control over this botnet? some kind of unique authentication phrase wouldn't be a bad idea