Ukrainian law enforcement authorities on Monday revealed the arrest of a hacker responsible for creating and managing a “powerful botnet” made up of more than 100,000 slave devices that was used to carry out distributed denial of service (DDoS) attacks and spam attacks on behalf of paying customers.
The unnamed individual, originally from the Ivano-Frankivsk region, is also said to have used the automated network to find vulnerabilities in websites and break into them, as well as to launch brute-force attacks to guess e-mail passwords. Ukraine's police agency said it searched the suspect's home and seized his computer equipment as evidence of the illegal activity.
“He searched for clients on closed forums and Telegram chats and payments were made through blocked electronic payment systems,” the Security Service of Ukraine (SSU) said in a press release. Payments were facilitated through WebMoney, a Russian money transfer platform that is banned in Ukraine.
But in what appears to be a basic opsec error, the actor registered the WebMoney account with his real address, allowing officials to pinpoint his whereabouts.
The development comes weeks after Russian cybersecurity firm Rostelecom-Solar, a subsidiary of telecoms operator Rostelecom, revealed late last month that it had sinkholed part of the Mēris DDoS botnet, which is known to have co-opted around 250,000 hosts into its network.
By intercepting and analyzing the commands used to control infected devices, the company said it was able to “detect 45,000 network devices, identify their geographic location and isolate them from the botnet.” More than 20% of the infected devices are located in Brazil, followed by Ukraine, Indonesia, Poland, and India.