### Kimwolf Botnet Operator Nabbed After International Investigation Authorities arrested **Jacob Butler**, also known as "**Dort**," in Ottawa, Canada, on Wednesday. He is accused of operating the **Kimwolf** DDoS botnet. The **Ontario Provincial Police** executed the arrest based on a U.S. extradition warrant, according to a statement from the Department of Justice. Butler awaits an initial court hearing while in Canadian custody. The botnet targeted traditionally firewalled devices like digital photo frames and web cameras. These compromised systems were then leveraged for rent or used in large-scale DDoS attacks, impacting even the **Department of Defense**'s internet address ranges. The **Defense Criminal Investigative Service**, with assistance from the FBI's Anchorage field office, is investigating the case. ### Record-Breaking DDoS Attacks and Financial Impact "KimWolf was tied to DDoS attacks which were measured at nearly 30 Terabits per second, a record in recorded DDoS attack volume,” the Justice Department stated. The attacks resulted in financial losses exceeding one million dollars for some victims, with the botnet allegedly issuing over 25,000 attack commands. On March 19, U.S. authorities, alongside international partners, disrupted the infrastructure of **Kimwolf** and three other DDoS botnets: **Aisuru**, **JackSkid**, and **Mossad**. ### Unmasking and Harassment KrebsOnSecurity identified Butler as the **Kimwolf** botmaster in February after uncovering his online presence. Despite this exposure, Dort continued to harass researchers who aided in identifying him and slowing the botnet's spread. Dort claimed responsibility for swatting attacks targeting the founder of **Synthient**, **Ben Brundage**, a security startup that helped mitigate a critical vulnerability exploited by **Kimwolf**. Brundage expressed relief at Butler's arrest, hoping to end the harassment.  Investigators linked Butler to the botnet through IP addresses, online account information, transaction records, and messaging application data obtained via legal processes. The criminal complaint reveals Butler's limited attempts to separate his real and cybercriminal identities. In April, the Justice Department, with European partners, seized domain names tied to nearly four dozen DDoS-for-hire services, some of which collaborated with **Kimwolf**. A search warrant executed at Butler's Ottawa residence on March 19 led to the seizure of multiple devices. He now faces charges of unauthorized computer use, possession of devices for unauthorized computer access, and mischief related to computer data in Canada. In the United States, Butler faces a charge of aiding and abetting computer intrusion, carrying a potential sentence of up to 10 years in prison, subject to considerations in the U.S. Sentencing Guidelines.