The Arrest and Charges
The U.S. Department of Justice announced the arrest of a 23-year-old Canadian man, Jacob Butler, for allegedly operating the Kimwolf distributed denial-of-service (DDoS) botnet. Butler, who also went by the online alias Dort, faces charges related to developing and running the botnet. Authorities linked Butler to the botnet’s administration through IP address records, online account information, and Discord messages.
How the Botnet Operated
Kimwolf is considered a variant of the AISURU botnet. It specifically targeted devices that are normally protected by firewalls, such as digital photo frames and web cameras. Once infected, these devices were enslaved and used in a cybercrime-as-a-service model. The operators sold access to the infected devices, allowing other criminals to launch DDoS attacks against targets worldwide, including IP addresses belonging to the Department of Defense Information Network.
Impact and Scope
Investigators estimate the Kimwolf botnet issued over 25,000 attack commands before its infrastructure was disrupted. Prior to the takedown, the AISURU and Kimwolf botnets were linked to some of the largest DDoS attacks on record, with traffic volumes reaching 31.4 terabits per second. The arrest follows a coordinated law enforcement operation involving the U.S., Canada, and Germany that targeted the command and control infrastructure of multiple botnets, including Kimwolf and JackSkid.
Source: The Hacker News
