Rapper Bot allegedly used between 65,000 and 95,000 infected devices for DDoS attacks
Pro
Image: Pexels
Federal prosecutors in the US have charged an Oregon man for allegedly running a global botnet-for-hire operation called Rapper Bot that used hacked IoT devices to conduct large-scale distributed denial-of-service (DDoS) attacks.
Authorities charged Ethan Foltz, 22, with one count of aiding and abetting computer intrusions. Police executed a search warrant at Foltz’s house on 6 August, shut down the botnet and took control of its infrastructure, according to the US Department of Justice.
Rapper Bot allegedly used between 65,000 and 95,000 infected devices for DDoS attacks that often measured between two and three terabits per second. The largest attack may have exceeded six terabits per second, prosecutors said.
Rapper Bot was “one of the most powerful DDoS botnets to ever exist,” said Michael Heyman, the US attorney in Alaska, where authorities believe the botnet infected at least five devices.
The Defense Criminal Investigative Service (DCIS) is investigating the case because some of the attacks targeted US defense contractors.
“The outstanding investigatory work by DCIS cyber agents and support of my office and industry partners has put an end to Foltz’s time as administrator and effectively disrupted the activities of this transnational criminal group,” Heyman said in a statement.
The botnet, also known as Eleven11 and CowBot, compromised large numbers of Wi-Fi routers, digital video recorders and other internet-of-things devices with malware, which it then used to order the devices to target computers and servers around the world.
Foltz allegedly monetised Rapper Bot by charging other cyber criminals to use it for attacks. In some cases, those criminals used the botnet for attacks that attempted to extort victims.
The botnet has conducted more than 370,000 attacks and infected more than 18,000 unique victims since April, prosecutors said.
Victims were located in more than 80 countries, including several US technology companies, a widely used social media platform and a US government agency.
AWS said it helped reverse engineer the IoT malware and identified the command and control infrastructure.
The Department of Justice declined to share more information about the case. An attorney representing Foltz could not immediately be reached for comment.
Cybersecurity Dive