Canadian Kimwolf Botnet Operator Arrested
Pretty big win after what we all saw 30 Tbit/s do to the entire internet; that was one hell of a time.
Some highlights:
Law enforcement allegedly connected Butler to the administration of the KimWolf botnet through IP address, online account information, transaction records, and online messaging application records obtained through the issuance of legal process.
Butler is charged with one count of aiding and abetting computer intrusion. If convicted, Butler faces up to 10 years in prison. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.
We used to pray for times like these


Comments
It's a crime against humanity.
When will we start arresting the corporate execs that knowingly ship insecure WAN-connected IoT software that will be run for years without a single security update?
Botmasters are bad and all, but if this particular criminal never existed, we'd just be talking about some other botnet operator that infected the same devices.
How did he get caught? Just wow.
Kimwolf specifically was actually a very interesting botnet, I believe Synthient did a really good write-up on it.
The issue wasn't always IoT devices but instead Android devices (e.g. smartphones or TV boxes) which had ADB open. Normally, ADB can't be accessed externally as you require an RFC 1918 IP if I remember correctly. However, if you have a proxy into someone's home network, you can then scan and find ADB, then install malware to make the device act as a botnet since you're inside the network.
https://synthient.com/blog/a-broken-system-fueling-botnets
seems to be horrendous opsec, but he did also paint a huge target on his back
What if I say that these are IoT as well?
fackin finally
each to their own
Can someone TL;DR? Not AI summary, actual TL;DR
Guy ran big botnet, fucked around and found out.
Only if the devices purposefully disable adb authentication.
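Two of the comments above turn on one protocol detail: an Android device with ADB listening on TCP answers a host's CNXN with an AUTH challenge when `ro.adb.secure` is set, and simply completes the handshake when authentication has been disabled, which is what makes the TV boxes in the Synthient write-up usable from inside the LAN. The following is an added example, my own code rather than anything from the thread, the Synthient post, or the KimWolf case, that speaks just enough of the ADB wire protocol to tell those two states apart so you can audit your own network. It assumes the conventional ADB-over-TCP port 5555 and the message layout from the AOSP protocol description (24-byte header of six little-endian uint32s, byte-sum checksum, magic = command XOR 0xFFFFFFFF); the device replies in the usage note are constructed.

```python
import socket
import struct
import sys

# ADB wire protocol constants (from the protocol description in AOSP).
A_CNXN = 0x4E584E43      # little-endian b"CNXN"
A_AUTH = 0x48545541      # little-endian b"AUTH"
A_VERSION = 0x01000000   # protocol version carried in CNXN arg0
A_MAXDATA = 256 * 1024   # largest payload we accept, carried in CNXN arg1
AUTH_TOKEN = 1           # AUTH arg0 when the device sends a signing challenge
HEADER_LEN = 24
ADB_TCP_PORT = 5555      # conventional ADB-over-TCP port (assumption: device uses the default)


def adb_message(command, arg0, arg1, payload=b""):
    """Serialise one ADB message: six little-endian uint32 header fields, then payload.
    checksum is a plain byte sum of the payload; magic is the bitwise complement of command."""
    checksum = sum(payload) & 0xFFFFFFFF
    magic = command ^ 0xFFFFFFFF
    header = struct.pack("<6I", command, arg0, arg1, len(payload), checksum, magic)
    return header + payload


def parse_message(data):
    """Validate magic (and checksum when the full payload is present); return (command, arg0, arg1, payload)."""
    if len(data) < HEADER_LEN:
        raise ValueError("short ADB header")
    command, arg0, arg1, data_len, checksum, magic = struct.unpack("<6I", data[:HEADER_LEN])
    if magic != (command ^ 0xFFFFFFFF):
        raise ValueError("not an ADB message (bad magic)")
    payload = data[HEADER_LEN:HEADER_LEN + data_len]
    if len(payload) == data_len and (sum(payload) & 0xFFFFFFFF) != checksum:
        raise ValueError("ADB payload checksum mismatch")
    return command, arg0, arg1, payload


def connect_message():
    """The CNXN a host sends to open a session: banner 'host::' terminated by NUL."""
    return adb_message(A_CNXN, A_VERSION, A_MAXDATA, b"host::\x00")


def classify_response(data):
    """Classify the device's first reply to our CNXN.

    auth-required     -> AUTH with a token: the device wants an RSA-signed challenge,
                         so a LAN neighbour without an approved key gets nothing.
    unauthenticated:* -> the device answered CNXN straight away: adb authentication is
                         off and anyone who can reach the port has a shell.
    """
    try:
        command, arg0, _arg1, payload = parse_message(data)
    except ValueError:
        return "not-adb"
    if command == A_AUTH and arg0 == AUTH_TOKEN:
        return "auth-required"
    if command == A_CNXN:
        banner = payload.split(b"\x00", 1)[0].decode("ascii", "replace")
        return "unauthenticated:" + banner
    return "unknown"


def recv_message(sock):
    """Read one full message: header first, then as many payload bytes as the header announces."""
    buf = b""
    while len(buf) < HEADER_LEN:
        chunk = sock.recv(4096)
        if not chunk:
            return buf
        buf += chunk
    data_len = struct.unpack_from("<I", buf, 12)[0]
    while len(buf) < HEADER_LEN + data_len:
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf


def probe_adb(host, port=ADB_TCP_PORT, timeout=3.0):
    """Connect, send CNXN, classify the reply. Point this only at devices you own."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            sock.sendall(connect_message())
            data = recv_message(sock)
    except OSError as exc:
        return "unreachable:" + exc.__class__.__name__
    return classify_response(data)


if __name__ == "__main__":
    for target in sys.argv[1:]:
        print(target, probe_adb(target))
```

Run it as `python adb_probe.py 192.168.x.y` against your own devices. A result of `auth-required` is the normal state for a phone; an `unauthenticated:device::...` banner on a TV box or picture frame is exactly the condition the comments above describe, and the fix on-device is `adb shell setprop service.adb.tcp.port -1` (or turning off USB debugging) plus blocking port 5555 at the router. The classifier deliberately rejects anything with a bad magic or checksum as `not-adb`, so a web server or a honeypot on 5555 is not misreported as an open device.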
The guy is heavily autistic. Genius on the wrong path. Jail will change him drastically.
And yet my subscription to the botnet owner's residential proxies still works.
Yeah, I still remember looking at the dumps full of "Hello, are you by any chance a baby phone, sir?" traffic back when Mirai was hot. Unsurprisingly, nothing much has changed since then...
It's pretty hard to wander the modern internet without leaving a metric fuckton of data behind. Once the target is big enough skids tend to fuck themselves over through their unstoppable urge to talk to other skids.
What do you use these proxies for?
He didn’t do anything related to opsec. Krebs and one sec firm uncovered him via email addresses.
This criminal specifically targeted home IoT devices like picture frames that were already behind a NAT'd router, not WAN-connected routers.
Plenty of insecure routers get regular updates and still get pwned for other stupid security mistakes.
You're self-employed, right?
NAT is not supposed to be a security barrier. The fact that this particular case required one extra step changes nothing. The devices are still horribly insecure.
Indeed, but at least if they're trying and get pwned anyway, I wouldn't be advocating for the arrest of the execs in charge of things. Writing shitty software does not rise to that level of negligence. Writing shitty software that you know will be in use for a decade and stopping security updates after a year or two does.
You're so polite as always. But no, I work as a consultant.
Yep. As The Grugq says, the best way to stay safe is to STFU. People get caught not because the feds are going to burn some 0day on them but because they boast to everyone who will listen and get taken down through HUMINT.