US Takes Down Botnets Used in Record-Breaking Cyberattacks

  • 📰 WIRED

The Aisuru, Kimwolf, JackSkid, and Mossad botnets had infected more than 3 million devices in total, many inside home networks, according to the US Justice Department.

On Thursday, the US Department of Justice, working with the cybercrime-fighting agency within the US Department of Defense known as the Defense Criminal Investigative Service, announced that it had dismantled four massive botnets in a single operation, removing the command-and-control servers used to commandeer the hacker-run armies of compromised devices known by the names JackSkid, Mossad, Aisuru, and Kimwolf.

Together, operators of the four botnets had amassed more than 3 million devices, the Justice Department said, and often sold access to those devices to other criminal hackers as well as using them to target victims with overwhelming floods of attack traffic to knock websites and internet services offline. Aisuru and Kimwolf, a distinct but Aisuru-related botnet, had together comprised more than a million devices, according to DDoS defense firm Cloudflare, with Aisuru infecting a variety of devices ranging from DVRs to network appliances to webcams, and its Kimwolf offshoot infecting Android devices including smart TVs and set-top boxes. Cloudflare says the two botnets, working in conjunction, carried out a cyberattack against a Cloudflare customer last November that reached more than 30 terabits of data per second, nearly three times the size of the previous biggest such attack.

No arrests were immediately announced along with the takedowns, but a Justice Department statement noted that the US government was collaborating with Canadian and German authorities, “which targeted individuals who operated these botnets.” “The United States is steadfast in our commitment to safeguarding critical internet infrastructure and fighting the cybercriminals who jeopardize its security, wherever they might live,” US attorney Michael J. Heyman wrote in a statement.

Of the four botnets taken out in the operation, Aisuru had gained the most notoriety, thanks to a series of record-breaking or near-record cyberattacks it carried out last fall. The botnet, whose use was rented out like many such “booter” services offering their brute-force disruptive capabilities to anyone willing to pay, has been most visibly used against gaming services like Minecraft and independent cybersecurity journalist Brian Krebs. Krebs, who has extensively investigated the botnet underground and Aisuru in particular, came under repeated attack from the botnet last year.
Then in November, Cloudflare absorbed a record-breaking combined attack from Aisuru and Kimwolf that lasted only 35 seconds but reached 31.4 terabits per second, a volume of attack traffic close to triple the size of any seen before. In a report on the state of the DDoS ecosystem, Cloudflare described the maximum attack traffic of the combined Aisuru and Kimwolf botnets as equivalent to “the combined populations of the UK, Germany, and Spain all simultaneously typing a website address and then hitting ‘enter’ at the same second.” The botnet was capable, Cloudflare’s analysts wrote, of “launching DDoS attacks that can cripple critical infrastructure, crash most legacy cloud-based DDoS protection solutions, and even disrupt the connectivity of entire nations.”

In fact, all four botnets disrupted by the US operation were variants of Mirai, an internet-of-things botnet that first appeared in 2016, broke records at the time for the size of the cyberattacks it enabled, and eventually was used in an attack on the domain-name service provider Dyn that took down 175,000 websites simultaneously for much of the United States. Mirai's code base has since served as the starting point for a decade of other internet-of-things botnets.

The four botnets targeted by the US in Thursday's takedown had all evolved new techniques that let them infect types of devices that even Mirai had never managed to access. Kimwolf in particular took advantage of cheap, internet-connected gadgets that acted as “residential proxies” that—often unbeknownst to their owners—let hackers pivot into users' home networks to compromise devices that are typically protected behind a home router, says Chad Seaman, a principal security researcher at networking firm Akamai. “It really shook the foundations of what we considered to be a secure home network,” Seaman says. Seaman notes that cybersecurity researchers and law enforcement had engaged in a months-long cat-and-mouse game with the botnet operators.
At times, he says, the operators used innovative tricks like moving their domain name system to the Ethereum blockchain to prevent the hijacking of their command-and-control servers.

Regardless of the results of Thursday's takedown, Seaman says he's seen enough generations of DDoS operators—going back to Mirai itself—to know that even if these four botnets have been permanently dismantled, other hackers will no doubt rebuild new, massive collections of hacked machines to take their place. “The cat-and-mouse game continues. You catch one mouse, and 10 others scurry under the refrigerator,” he says. “The cats will prioritize the fat mice. But it's a long game.”
