US Takes Down Botnets Used in Record-Breaking Cyberattacks
The collections of millions of hacked computers known as Aisuru and Kimwolf were used to launch some of the largest distributed denial of service (DDoS) attacks ever seen. Today, U.S. law enforcement erased them both from the Internet, along with two other hordes of hacked computers, known as botnets, in a single takedown.
On Thursday, the U.S. Department of Justice, working with the Defense Department’s cybercrime agency, the Defense Criminal Investigative Service, announced that it had dismantled four massive botnets in a single operation, seizing the command-and-control servers used to commandeer the hacker-led armies of compromised devices known as JackSkid, Mossad, Aisuru and Kimwolf. Together, the operators of the four botnets accumulated more than 3 million devices, the Justice Department said, and often sold access to those devices to other criminal hackers, as well as using them to hit their victims with massive streams of attack traffic aimed at knocking websites and Internet services offline.
Aisuru and Kimwolf, a separate but related botnet to Aisuru, together had more than a million devices, according to DDoS defense firm Cloudflare, with Aisuru infecting a variety of devices ranging from DVRs to network devices to webcams, and its offshoot Kimwolf infecting Android devices including smart TVs and set-top boxes. Cloudflare claims that the two botnets, working together, carried out a cyberattack against a Cloudflare customer last November that reached more than 30 terabits of data per second, nearly three times the size of the previous largest such attack.
No arrests were immediately announced alongside the takedowns, but a press release from the Department of Justice stressed that the US government was working with Canadian and German authorities, “who were targeting the individuals who operated these botnets”.
“The United States is steadfast in our commitment to protecting critical internet infrastructure and fighting against cybercriminals who endanger their security, no matter where they live,” U.S. Attorney Michael J. Heyman wrote in a statement.
Among the four botnets dismantled during the operation, Aisuru is the one that gained the greatest notoriety, thanks to a series of record or near-record cyberattacks carried out last fall. The botnet, whose brute-force disruption capabilities have been offered by various for-hire services to anyone willing to pay, has visibly been turned against gaming services like Minecraft and independent cybersecurity journalist Brian Krebs. Krebs, who has conducted extensive investigations into the botnet underground and Aisuru in particular, has been the target of repeated attacks by the botnet over the past year.
Then, in November, Cloudflare absorbed a record combined attack from Aisuru and Kimwolf that lasted just 35 seconds but reached 31.4 terabits per second, a volume of attack traffic nearly triple the largest previously observed. (The company did not reveal which of its customers was affected by this attack.)
In a report on the state of the DDoS ecosystem, Cloudflare described the peak attack traffic from the combined Aisuru and Kimwolf botnets as equivalent to “the combined populations of the United Kingdom, Germany, and Spain simultaneously typing in a website address and then pressing ‘Enter’ at the same second.” The botnet was capable, according to Cloudflare analysts, of “launching DDoS attacks that can paralyze critical infrastructure, crash most cloud-based DDoS protection solutions, and even disrupt the connectivity of entire nations.”
In fact, all four botnets disrupted by the U.S. operation were variants of Mirai, an Internet of Things botnet that first appeared in 2016. Mirai broke records at the time for the scale of the cyberattacks it enabled and was ultimately used in an attack on domain name service provider Dyn that simultaneously took down 175,000 websites across much of the United States. Mirai’s codebase has since served as the starting point for a decade of other Internet of Things botnets.