An Ottawa man has been arrested following an international cybercrime investigation into a major botnet operation that allegedly infected millions of devices with malware. The Ontario Provincial Police (OPP) cybercrime investigations team launched the probe in January, targeting two botnets named Kimwolf and Aisuru, which authorities claim are responsible for some of the largest Distributed Denial of Service (DDoS) attacks ever recorded.
Details of the Investigation
On March 19, officers raided and searched a home in Ottawa, seizing multiple electronic devices. Jacob Butler, 23, was charged on May 20 with unauthorized use of computers, possession of devices to obtain unauthorized use of computer systems or to commit mischief, and mischief in relation to computer data. The charges stem from his alleged involvement in operating the botnets.
What Are Botnets and DDoS Attacks?
A DDoS attack is a malicious attempt to overwhelm and disrupt a server or network by flooding it with fraudulent traffic. Hackers use botnets—coordinated networks of internet-connected devices controlled by the hacker—to carry out these attacks. According to the U.S. Department of Justice, some victims reported losses and remediation expenses totaling tens of thousands of dollars. Cybercriminals allegedly used the botnets to launch hundreds of thousands of attacks, sometimes demanding extortion payments from victims.
Global Collaboration
Law enforcement agencies in Canada, the United States, and Germany conducted independent operations targeting botnet administrators and infrastructure in parallel with the OPP investigation. The Aisuru botnet is alleged to have issued more than 200,000 DDoS attack commands, while KimWolf issued over 25,000. The U.S. Attorney's Office noted that infected devices were enslaved by botnet operators, who then used a cybercrime-as-a-service model to sell access to other criminals.
“DDoS attacks are borderless crimes,” said OPP Detective Staff Sergeant Matthew Ellwood in a statement. “The actions of cybercriminals can cause disruption here at home even when the attack is launched from thousands of kilometres away. That’s why understanding DDoS attacks at a global level is essential to protecting the public and explaining the instability they cause.”
Record-Breaking Attacks
The DOJ reported that some cyberattacks measured up to 30 Terabits per second, described as record-breaking. The investigation highlights the growing threat of botnets and the need for international cooperation to combat cybercrime.
