Once the botnet attacks had launched, Mr. Bumgarner said, other would-be attackers noticed them and started to collaborate on various Web forums, including Twitter and Facebook.
Mr. Bumgarner used data-mining tools to review Facebook pages (which some people don't keep private) and Twitter for certain Russian words that indicated they were likely involved in the attack. He saw users on those sites and others swapping attack code and target lists, and encouraging others to join.
"It's a difficult problem to handle," said Facebook spokesman Barry Schnitt, because it is impossible to detect such collaboration without monitoring conversations. Facebook has mechanisms to verify user identities and users can report inappropriate activities on the site, he said, but it doesn't monitor communications of its users.
Twitter didn't respond to requests to comment.
Full story below:
Hackers Stole IDs for Attacks - WSJ.com