US, Germany, Canada disrupt botnets that infected millions of devices

Reuters, 03-20 21:28

Updates Thursday's story with German police statement from Friday, edits

Botnets used IoT devices like webcams and routers

Botnets targeted Department of Defense websites, among others

German police identified two suspected administrators facing legal consequences

By Maria Tsvetkova

NEW YORK, March 20 (Reuters) - Law enforcement agencies in the United States, Germany and Canada have carried out an operation to take down infrastructure used by four major botnets that infected more than 3 million devices worldwide.

The U.S. Department of Justice said in a statement on Thursday the malicious networks - Aisuru, KimWolf, JackSkid and Mossad - were used to launch distributed denial-of-service (DDoS) attacks, with some Department of Defense websites among the targets.

German police said on Friday law enforcement agencies had identified two suspected administrators of the botnets who will now face legal consequences.

"Searches were conducted at their residences in Germany and Canada, and extensive evidence was seized," it said in a statement. "In addition to numerous data storage devices, cryptocurrencies worth tens of thousands of dollars were also confiscated."

Most infected devices were part of the so-called Internet of Things, or web-connected appliances like webcams, digital video recorders, or Wi-Fi routers, according to the U.S. DOJ.

Operators of the botnets carried out hundreds of thousands of DDoS attacks, targeting computers and servers around the world, including IP addresses owned by the Department of Defense Information Network. In some cases, they demanded payments from their victims, according to the statement.

German police said devices could be compromised without the knowledge of their owners, and those with no security updates or weak passwords were especially at risk.

"Furthermore, resources of the Kimwolf botnet were rented out as a so-called residential proxy network. This allowed third parties to use the infected devices as an anonymization layer for a fee, without the knowledge of the actual owner," police said.

"Today's disruption of four powerful botnets highlights our commitment to eliminate emerging cyber threats to the Department of Defense and its warfighters," said Kenneth DeChellis, a special agent in charge at the Department of Defense Investigative Service.

The DOJ statement listed nearly two dozen major tech companies that helped the operation, including Amazon Web Services, Google, PayPal and Nokia, and the PowerOff team of the European Union's law enforcement agency, Europol, whose operation against cybercriminals focusing on DDoS attacks has been running since 2017.

(Reporting by Maria Tsvetkova and Matthias Williams; Editing by Thomas Derpinghaus and Andrei Khalip)
