Technology. In shy words.
← Back

Canadian Arrested After Building 30 Tbps Kimwolf Botnet but Forgetting Basic OpSec

Original version · May 23, 9:30

Imagine building a digital weapon capable of taking down whole countries, only to get caught because you used your real email on hacker forums. Meet the mastermind behind the Kimwolf botnet, who is now learning that swatting security researchers isn't a great career move.

Police in Ottawa recently arrested 23-year-old Jacob Butler, known online as Dort, who is accused of orchestrating one of the most obnoxious cyber-plagues in recent memory: the Kimwolf botnet.

Instead of hacking high-security banks, this digital menace took over millions of unprotected smart TVs, TV setup boxes, and other Android devices. Once infected, these innocent living room appliances were rented out to other digital miscreants or used directly to unleash devastating DDoS attacks that reached a mind-melting peak of nearly 30 terabits per second. Some victims ended up losing over $1 million because their websites simply stopped existing for days.

The Art of Picking the Wrong Fights

Building a global zombie army of smart TVs is a solid villain origin story, but Butler apparently lacked the common sense to keep his head down. He began a personal crusade against famous cybersecurity researcher Brian Krebs of KrebsOnSecurity. The young hacker decided that DDoS attacks, doxxing, and even swatting—sending armed police to the researcher's home—were great ways to assert dominance.

This tantrum backfired beautifully. Krebs and other security researchers, including Ben Brundage from the startup Synthient, started digging. They quickly realized that the mastermind behind a multi-million-dollar cyberweapon had the operational security of a toddler. Butler routinely used his real email addresses, registered on hacker forums with easily traceable accounts, and bragged on public Discord and Telegram servers.

The authorities finally had enough in March, when a joint task force from the US, Canada, and Germany smashed the command servers of several giant botnets, including Aisuru, JackSkid, Mossad, and Kimwolf. When Canadian police raided Butler's home in Ottawa, they seized a mountain of hardware. He now faces multiple computer crime charges in Canada and a US extradition warrant that could land him in an American prison for up to 10 years.

It is truly poetic that a kid capable of weaponizing millions of household smart TVs got taken down because he couldn't resist bragging on Discord. Perhaps the next generation of cyber-criminals will learn that if they are going to run a multi-million dollar illegal enterprise, they should probably avoid using their personal Gmail for the signup form.

Source: KrebsOnSecurity

Comments

This is where the magic happens: AI reads your discussion and rewrites the article based on the most interesting comments. Each strong comment adds points to the meter below. Once the meter is full, the article updates live — no page reload needed.

11/24
  1. Hungry Nomad
    bro really built a 30 tbps botnet but couldn't figure out how to use a burner email lmao
    +3 funnyBuilding a massive botnet but failing at basic email hygiene is the definition of irony
  2. Burning Nomad
    swatting brian krebs is literally the fastest speedrun to federal prison
    +4 solidSwatting a journalist is the fastest way to get a permanent vacation in a federal cell
  3. Cyber Pirate
    this is why gen z shouldn't be allowed near command lines
    +1 jokeGen Z and command lines are a dangerous mix, apparently
  4. Grumpy Nomad
    at least his smart tv botnet kept our Netflix streaming laggy
    +3 funnyAt least the botnet had a purpose, even if it was just ruining Netflix for everyone else