US Takes Down Record-Breaking Botnets in Major Cybercrime Takedown

James Carter | Discover Headlines

The US Department of Justice has dismantled four massive botnets, including Aisuru and Kimwolf, which were used to launch some of the biggest distributed denial-of-service (DDoS) attacks ever seen. According to the Justice Department, the operators of the four botnets had amassed more than 3 million devices, often selling access to these devices to other criminal hackers.

The takedown is a significant blow to the cybercrime underworld, with Aisuru and Kimwolf being two of the most notorious botnets in recent history. Aisuru, in particular, had gained notoriety for its record-breaking cyberattacks, including a combined attack with Kimwolf that reached 31.4 terabits per second, a volume of attack traffic close to triple the size of any seen before.

Inside the Botnets

The four botnets targeted by the US were variants of Mirai, an internet-of-things botnet that first appeared in 2016. Mirai's code base has since served as the starting point for a decade of other internet-of-things botnets. Kimwolf, in particular, took advantage of cheap internet-connected gadgets that acted as residential proxies, letting hackers pivot into users' home networks to compromise devices that are typically protected behind a home router.

Chad Seaman, a principal security researcher at Akamai, notes that cybersecurity researchers and law enforcement had engaged in a monthslong cat-and-mouse game with the botnet operators. At times, the operators used innovative tricks like moving their domain name system to the Ethereum blockchain to prevent the hijacking of their command-and-control servers.

The Infrastructure Question

The takedown of the four botnets raises questions about the infrastructure that allows these botnets to operate. The fact that the botnets were able to amass over 3 million devices highlights the scale of the problem and the need for better security measures to prevent such attacks. As Seaman notes, the cat-and-mouse game between cybersecurity researchers and botnet operators is a long game, and even if these four botnets have been permanently dismantled, other hackers will no doubt rebuild new, massive collections of hacked machines to take their place.

US attorney Michael J. Heyman stated, "The United States is steadfast in our commitment to safeguarding critical internet infrastructure and fighting the cybercriminals who jeopardize its security, wherever they might live." The US government collaborated with Canadian and German authorities to target individuals who operated these botnets, although no arrests were immediately announced.

Regulatory Pressure Builds

The takedown of the four botnets is a significant step in the fight against cybercrime, but it also highlights the need for continued regulatory pressure to prevent such attacks. As the use of botnets and DDoS attacks continues to evolve, it is essential for law enforcement and cybersecurity researchers to stay one step ahead of the attackers. The US government's collaboration with international authorities is a positive step towards combating cybercrime, and it will be interesting to see how this effort develops in the future.
