US Departments of Justice and Defense crush four massive botnets totaling 3,000,000 devices — botnets responsible for a combined 316,000 DDoS attacks globally
... for the time being, at least.
The U.S. Department of Justice (DoJ) and its network of partners are on quite a roll lately, scoring the third botnet takedown in this calendar month alone. Not content with putting a stake through the hearts of LeakBase and SocksEscort, the DoJ brought offline the combination of networks known as Aisuru, Kimwolf, JackSkid, and Mossad.
The operation took out the command-and-control servers for a total of 3 million devices and had the help of the U.S. Department of Defense, Canada, Germany, and a group of major internet connectivity players, including Akamai, Amazon, and Cloudflare. The Defense Criminal Investigative Service seized multiple domains, virtual servers, and "other infrastructure."
As of right now, there are no arrests reported, though German and Canadian authorities reportedly have their eyes on potential targets, namely a 15-year-old from Germany, and a Canadian 22-year-old who is presumed to be the infamous Kimwolf operator, alias "Dort".
The bulk of those infected devices belong to the rather large Aisuru and Kimwolf botnets, both of which were in the news recently due to the scale of the DDoS attacks performed through them. Notably, the largest of those attacks took place recently, in late January, and set a worldwide record at 31.4 Tb/s, enough bandwidth to take entire countries offline.
The Aisuru botnet primarily targets networking and adjacent gear, such as home and office routers, IP cameras, Wi-Fi access points, and gateways. Kimwolf's favorite nourishment, meanwhile, is Android-based streaming devices such as TV boxes, Smart TVs, Android tablets, and digital photo frames. Many of these devices ship with Android debugging mode enabled from the factory, and sometimes with exploitable firmware preinstalled, namely cheap, no-name IPTV piracy set-top boxes.
The DoJ says that Aisuru was responsible for about 200,000 DDoS attacks, while Kimwolf scored 25,000, JackSkid 90,000, and Mossad 1,000. Some of those attacks made the bold move of striking at IP ranges owned by the US DoD.

Bruno Ferreira is a contributing writer for Tom's Hardware. He has decades of experience with PC hardware and assorted sundries, alongside a career as a developer. He's obsessed with detail and has a tendency to ramble on the topics he loves. When not doing that, he's usually playing games, or at live music shows and festivals.

Shiznizzle
No deals....you do not go straight to Park Place and get to work for the FBI, no matter how smart you are. No, you go straight to jail for 25 years to think about if you want to change or not. These people are scum and run some really nasty stuff for people sometimes. They don't care who pays them and what they host.

TechieTwo
And to think 99% of this is preventable if folks would just change the default password for their modem, router, etc. Some people really are dangerous to society. :(

Hotrod2go
TechieTwo said: And to think 99% of this is preventable if folks would just change the default password for their modem, router, etc. Some people really are dangerous to society. :(
Depends if the home router is ISP supplied & thus supported. Changing the password to something else hinders an ISP's access to the router for firmware updates. Situation is not as simple as it seems.

passivecool
Hotrod2go said: Depends if the home router is ISP supplied & thus supported. Changing the password to something else hinders an ISP's access to the router for firmware updates. Situation is not as simple as it seems.
Then they really need to change providers.
Folks: don't let your TV, BR-player, smart toaster, smart lightbulb into the network! Buy a vacuum robot that does not require it.
"Willy bought some dynamite,
did not understand it, quite,
Ignorance is full of pains,
It rained Willy seven days."

COLGeek
Hotrod2go said: Depends if the home router is ISP supplied & thus supported. Changing the password to something else hinders an ISP's access to the router for firmware updates. Situation is not as simple as it seems.
I don't think it works that way, even with an ISP provided router. The update firmware function happens on the user side of the router. That function is independent from the ISP's management of other devices.

Hotrod2go
COLGeek said: I don't think it works that way, even with an ISP provided router. The update firmware function happens on the user side of the router. That function is independent from the ISP's management of other devices.
An ISP here in Australia can update the firmware without any end user interaction.

COLGeek
Hotrod2go said: An ISP here in Australia can update the firmware without any end user interaction.
So that would only work if they provide the router, correct? User owned routers would not do so.
Cable modems, ONTs are certainly managed by ISPs though.

Hotrod2go
COLGeek said: So that would only work if they provide the router, correct? User owned routers would not do so. Cable modems, ONTs are certainly managed by ISPs though.
Yes, they supply the modem/router unit already set up, just plug n' play as they say.

COLGeek
Hotrod2go said: Yes, they supply the modem/router unit already set up, just plug n' play as they say.
I suspect that while they manage the modem side of a combo unit, the router side is set up to auto update. Not quite the ISP managing that part of the combo unit (and you really wouldn't want the ISP mucking about on the user side of the router....where all your devices are).