[blackice]

One of the better ways to find these people using "unofficial" APIs is to look for VPN / hosting IPs. Running all of it on their home connection is very obvious so they'll branch out and let their bots run on servers 24x7. Based on the IP address and their account activity, I think it'll be a lot easier to catch botters or at least catch the big fish.

[corobo]

Aren't bots like this often run on botnets? After the classic DDoS of course, I'd have thought this sort of thing would be what botnets are used for these days.