# KimWolf Botnet Mastermind Arrested: Canadian Man Faces Charges for Global DDoS-for-Hire Scheme
A Canadian man, Jacob Butler, has been arrested in Ottawa and faces extradition to the U.S. for allegedly operating the **KimWolf** botnet. This botnet, one of the largest DDoS platforms globally, was dismantled earlier this year in a coordinated international law enforcement operation.
Authorities have apprehended a key figure behind the notorious **KimWolf** botnet, a massive distributed denial-of-service (DDoS) platform. **Jacob Butler**, a 23-year-old Canadian, was arrested in Ottawa on Wednesday following a U.S. Justice Department extradition warrant.
## KimWolf's Reign of Disruption
**KimWolf** was a significant threat, known for flooding targeted websites and servers with malicious traffic, rendering them inaccessible. The botnet reportedly infected over a million devices worldwide and was used as a DDoS-for-hire service.
**Brian Krebs**, a cybersecurity journalist, first identified Butler in February as the individual behind the online persona "Dort," which ran **KimWolf**, though Butler initially denied the allegations.
## Charges and Potential Penalties
Unsealed court documents reveal that the Justice Department alleges Butler ran **KimWolf** as a DDoS-for-hire service. He is charged with aiding and abetting computer intrusion, which carries a potential sentence of up to 10 years in prison if convicted.
The takedown of **KimWolf** in March was part of a larger international effort involving the U.S., Canada, Germany, and several cybersecurity firms.
## Botnet Infrastructure and Targets
The seized infrastructure included devices typically behind firewalls, such as digital photo frames and web cameras. These compromised devices were then sold to cybercriminals for various malicious purposes, including launching DDoS attacks. Notably, at least one attack targeted IP addresses belonging to the Department of Defense.
Prosecutors stated that **KimWolf** was responsible for DDoS attacks reaching nearly 30 terabits per second, resulting in financial losses exceeding one million dollars for some victims. The botnet allegedly issued over 25,000 attack commands.
## Unmasking the Botnet Master
According to court documents, Butler's connection to **KimWolf** was established through his IP address, account information, transactions, and online communications.
The Justice Department also unsealed seizure warrants targeting services supporting another 45 DDoS-for-hire platforms, including at least one that collaborated with **KimWolf**.
## Warnings and Mitigation Efforts
DDoS mitigation companies like **Cloudflare** had been warning about **KimWolf** for years, highlighting its capacity to launch attacks that could "cripple critical infrastructure, crash most legacy cloud-based DDoS protection solutions, and even disrupt the connectivity of entire nations."
**Amazon**'s vice president, Tom Scholl, noted that **Amazon Web Services (AWS)** assisted the FBI and Defense Department in identifying the botnet's command-and-control infrastructure and reverse-engineering the malware. Scholl further explained that **KimWolf** was unique in its targeting of residential proxy networks, infiltrating home networks through compromised IoT devices.

