
US takes down ‘cybercrime-as-a-service’ botnets that hijacked over 3 million IoT devices globally


The US Justice Department has announced that it dismantled four massive botnets responsible for some of the largest distributed denial-of-service (DDoS) attacks in history. The Justice Department says the four botnets targeted in the operation infected millions of devices worldwide, with the majority being Internet of Things (IoT) devices such as digital video recorders, web cameras, and Wi-Fi routers.

“The four botnets launched Distributed Denial of Service (DDoS) attacks targeting victims around the world. Some of these attacks measured approximately 30 terabits per second, which were record-breaking attacks,” the Justice Department said in a statement.

What threat did the affected botnets pose?

According to the DoJ, the four targeted botnets, known as Aisuru, KimWolf, JackSkid, and Mossad, operated on a “cybercrime-as-a-service” model. They have been accused of targeting and infecting devices that are traditionally “firewalled” from the rest of the internet.

The operators of these botnets then sold access to the infected devices to cybercriminals. The victim devices were then forced to participate in thousands of DDoS attacks targeting computers and servers worldwide.

The DoJ says that as of March, the number of infected devices hijacked worldwide by these botnet administrators exceeded 3 million.

“Some victims reported the DDoS attacks resulted in tens of thousands of dollars in losses and remediation expenses. Cybercriminals used these botnets to launch hundreds of thousands of attacks, in some cases demanding extortion payments from victims,” the DoJ said.

Court documents revealed the volume of DDoS attack commands issued by the four botnets. The Aisuru botnet issued over 200,000 commands, while KimWolf issued more than 25,000 attack commands, JackSkid launched more than 90,000 DDoS commands, and Mossad launched more than 1,000 commands.

According to a Wired report, all four botnets are variants of the infamous Mirai botnet, which first emerged in 2016 and famously took down major portions of the US internet by attacking the domain-name provider Dyn.

Reportedly, one of the four botnets involved in the attack, Aisuru, gained the most notoriety for record-breaking or near-record cyberattacks it carried out last fall. The botnet was offered as a ‘booter’ service that provided brute-force disruptive capabilities to anyone willing to pay. It had also been used against the gaming service Minecraft and independent cybersecurity journalist Brian Krebs.

The US says its operation ran simultaneously with law enforcement actions in Canada and Germany, which specifically targeted the individuals operating the botnets.

US Attorney Michael J. Heyman for the District of Alaska, in a statement about the takedown, said, “The United States is steadfast in our commitment to safeguarding critical internet infrastructure and fighting the cybercriminals who jeopardise its security, wherever they might live.”
