Jacob Butler, the 23-year-old Ottawa man accused of running the Kimwolf IoT botnet, has been arrested by Canadian authorities and now faces criminal hacking charges in both Canada and the United States.
Kimwolf infected millions of devices — mostly digital photo frames and web cameras — and weaponized them for massive DDoS attacks over the past six months. The Justice Department says the botnet was behind attacks measured at nearly 30 terabits per second, a record. Some victims lost over a million dollars. The botnet also targeted Department of Defense internet ranges, pulling in the DoD’s Defense Criminal Investigative Service and the FBI’s Anchorage field office.
KrebsOnSecurity identified Butler as the suspected botmaster back in February, using the handle “Dort.” After being named, Butler allegedly launched DDoS attacks, doxing campaigns, and swatting attempts against journalist Brian Krebs and security researchers who helped track him down. One of those researchers, Ben Brundage of Synthient, said he’s “relieved” Butler is in custody.
U.S. and international authorities had already seized Kimwolf’s technical infrastructure in March, along with three competing botnets — Aisuru, JackSkid, and Mossad. A search warrant executed at Butler’s Ottawa address on March 19 turned up multiple devices.
In Canada, Butler faces charges including unauthorized computer use and possession of devices for unauthorized access. In the U.S., he’s charged with aiding and abetting computer intrusion — up to 10 years in prison if convicted, though his youth and lack of criminal history could reduce any sentence significantly.
