A 23-year-old Ottawa man is facing extradition to the United States after being accused of involvement in massive cyberattacks that affected more than a million devices worldwide.
Investigation and Charges
Ontario Provincial Police (OPP) said their cybercrime investigations team began probing two major botnet operations – KimWolf and Aisuru – in January. These operations were believed to be responsible for some of the largest distributed denial of service (DDoS) attacks ever recorded. Botnet operators sell access to enslaved household devices like digital picture frames or web cameras to cybercriminals, which are then commandeered to overwhelm websites, servers, or networks with fake web traffic.
The OPP investigation, which received cooperation from law enforcement agencies elsewhere in Canada as well as the U.S. and Germany, led to a search warrant being executed on March 19 at a residence in Ottawa, where multiple electronic devices were seized.
Charges Laid in Both Canada and U.S.
Jacob Butler was arrested on Wednesday and charged with unauthorized use of a computer; possession of a device to obtain unauthorized use of a computer system or to commit mischief; and mischief in relation to computer data. The OPP said Butler remains in custody pending a court appearance Tuesday in Ottawa.
“DDoS attacks are borderless crimes,” Det.-Sgt. Matthew Ellwood said in an OPP news release. “The actions of cybercriminals can cause disruption here at home, even when the attack is launched from thousands of kilometres away. That’s why understanding DDoS attacks at a global level is essential to protecting the public and explaining the instability they cause.”
The announcement came on the same day the U.S. Attorney’s Office in Alaska said they were seeking Butler’s extradition after he was charged there with aiding and abetting computer intrusion. Someone convicted of that charge could face up to 10 years in prison, the U.S. Attorney’s Office said.
Suspect Accused of Operating KimWolf Botnet
An OPP spokesperson confirmed that Butler is the same person charged in both cases, but referred any further comments to the U.S. Department of Justice. An email seeking information from the U.S. Department of Justice on the extradition process was not immediately returned.
In a criminal complaint unsealed in the District of Alaska, the U.S. Attorney’s Office accused Butler of operating the KimWolf botnet that allegedly helped infect more than a million devices worldwide, including ones in that state. The complaint alleges that KimWolf was tied to massive DDoS attacks that resulted in financial losses exceeding more than $1 million for some victims. The KimWolf botnet alone allegedly issued more than 25,000 attack commands, the U.S Attorney’s Office said.
“Law enforcement allegedly connected Butler to the administration of the KimWolf botnet through IP address, online account information, transaction records and online messaging application records obtained through the issuance of legal process,” the U.S. Attorney’s Office said in a news release.
Anyone with information that could assist the investigation is asked to call the OPP at 1-888-310-1122 or Crime Stoppers anonymously at 1-800-222-8477 or ontariocrimestoppers.ca.
