Ukrainian police arrest DDoS operator controlling 100,000 bots

Ukrainian police have arrested a hacker who controlled a 100,000 device botnet used to perform DDoS attacks on behalf of paid customers.

DDoS for hire

The threat actor was arrested at his home in Prykarpattia where he was allegedly using the botnet to perform DDoS attacks or to support other malicious activity for his clients.

This activity included brute-forcing login credentials at web sites, performing spamming operations, and to penetration testing on remote devices to identify and exploit vulnerabilities. 

According to the SSU announcement, the hacker wasn’t simply using the sheer power of his botnet to take down sites. Instead, he also performed reconnaissance and penetration testing to identify and exploit vulnerabilities in the target websites. 

Opsec mistake

A press release by the Ukrainian SSU states the hackers found his customers on private forums and Telegram channels, where he was paid through electronic platforms such as ‘Webmoney’ for his illicit activity. This payment platform is subject to sanctions in Ukraine.

The actor registered an account on Webmoney with his real address, allowing Ukrainian police to find where he lives. In the home, law enforcement seized computer equipment that controlled the botnet, effectively shutting down the malicious operation. 

The Ukrainian hacker is now facing charges for the violation of Part 2 of Art. 361-1 of the Criminal Code of the country, relevant to the distribution and sale of malicious software, and the interference with the work of computers and networks. 

These charges could incur severe penalties like several years of imprisonment, but the police will first have to fully evaluate the evidence that is stored in the seized systems to determine the full scope of the hacker’s acts. 

This arrest continues worldwide law enforcement operations to disrupt DDoS attacks that can cause wide-reaching impact against businesses and infrastructure.

Last month, the US Department of Justice charged an operator of the WireX Android botnet for a distributed denial-of-service attack on a multinational hotel chain.