Ukrainian law enforcement authorities have arrested a hacker who created and managed a “powerful botnet” consisting of nothing less than 100,000 enslaved devices that was used to carry out distributed denial-of-service (DDoS) and spam attacks on behalf of paid customers. The suspect’s residence was raided and computer equipment as evidence of illegal activity was seized.
The Security Service of Ukraine (SSU) in a press statement have stated that the Hacker would usually go on to closed forums and Telegram chats in search of customers and payments were made via blocked electronic payment systems and these payments were facilitated via WebMoney, a Russian money transfer platform banned in Ukraine.
However in what seems to be an trivial error, the hacker registered the WebMoney account with his legimitate address, thus allowing the officials to zero in on his whereabouts.
The development comes weeks after Russian cybersecurity firm Rostelecom-Solar, a subsidiary of the telecom operator Rostelecom, disclosed late last month that it had sinkholed a portion of the MÄ“ris DDoS botnet that’s known to have co-opted an estimated 250,000 hosts into its mesh.
By intercepting and analyzing the commands used to control infected devices, the company said it was able to “detect 45,000 network devices, identify their geographic location and isolate them from the botnet.” Over 20% of the devices attacked are located in Brazil, followed by Ukraine, Indonesia, Poland, and India.