
US and Canada arrest and charge suspected Kimwolf botnet admin

Why This Matters

The arrest of the KimWolf botnet operator highlights ongoing efforts to combat large-scale cybercrime networks that threaten global digital infrastructure. This case underscores the importance of cybersecurity vigilance for both consumers and organizations, as botnets continue to evolve and cause significant financial and operational damage. It also demonstrates the increasing cooperation between US and Canadian authorities in tackling cyber threats.

Key Takeaways

U.S. and Canadian authorities arrested and charged a Canadian man with operating the KimWolf distributed denial-of-service (DDoS) botnet, which infected nearly two million devices worldwide.

23-year-old Jacob Butler (also known online as "Dort") was arrested by Canadian authorities in Ottawa on Wednesday pursuant to an extradition warrant.

According to a criminal complaint unsealed on Thursday in the District of Alaska, Butler was taken into custody based on IP address and online account information, transaction records, and online messaging records that exposed his links to the KimWolf botnet.

Butler now awaits extradition to the U.S. and is facing one count of aiding and abetting computer intrusions, which carries a maximum sentence of 10 years in prison.

As detailed in court documents, KimWolf operated as a DDoS-for-hire service and was used by cybercriminals to launch attacks reaching nearly 30 terabits per second, the largest DDoS attack publicly disclosed at the time.

Using a cybercrime-as-a-service model, Butler sold access to a massive network of compromised systems (ranging from digital photo frames and web cameras to Android-based TV boxes and streaming devices).

The botnet was used in more than 25,000 attacks targeting computers and servers worldwide (including Department of Defense Information Network IP addresses) and caused financial losses exceeding $1 million for some victims.

Researchers at cybersecurity firm Synthient, who have been tracking KimWolf's rapid expansion, noted in January that KimWolf grew to almost 2 million infected devices after compromising Android devices in attacks exploiting vulnerabilities in residential proxy networks, and that it generated approximately 12 million unique IP addresses each week.

Kimwolf infections heatmap (Synthient)

Separately, the Central District of California unsealed seizure warrants targeting 45 DDoS-for-hire platforms. The action disrupted multiple DDoS platforms, including at least one that collaborated with the KimWolf botnet.
