International cybercrime investigation leads to arrest of Ottawa man
An international probe into a pair of expansive botnets culminated in a charging action in Ottawa as authorities unraveled a malware operation that allegedly infected millions of devices worldwide and fueled large-scale online disruptions.
The investigation centered on two networks, code-named Kimwolf and Aisuru, which investigators say were responsible for some of the most significant disruptions of online services through coordinated floods of traffic. A DDoS attack works by overwhelming a target’s servers with illegitimate requests, causing slowdowns or outages. Officials note that such crimes cross borders, with consequences felt far from where the attack originates.
As the probe unfolded, law enforcement partners in Canada, the United States, and parts of Europe tackled both the criminal operators and the infrastructure supporting the botnets. Canadian authorities described the effort as a major, cross-border sting designed to cut off the command-and-control channels that drive these networked attacks.
U.S. authorities have reported that victims faced substantial remediation costs, and some campaigns carried demands for payment in exchange for halting the outages. In the case file, the two botnets allegedly issued tens of thousands of attack commands, enabling coordinated strikes against computers and servers across multiple regions.
Authorities say the operators leveraged a cybercrime-as-a-service model, selling access to compromised devices to other criminals who then used those devices to participate in widespread DDoS campaigns. The scale of the operations, according to officials, allowed attackers to coordinate numerous assaults from a single, centralized command structure.
Some of the recorded attacks reached extreme bandwidths, with officials describing several incidents as among the most intensive traffic floods documented, measured in the tens of terabits per second scale.
In Ottawa, investigators conducted a search at a residence on March 19, seizing a range of electronic devices as part of the ongoing inquiry.
A 23-year-old named Jacob Butler faced charges including unauthorized use of computers, possession of devices intended to facilitate unauthorized access, and related mischief involving digital data. He remained in custody as proceedings were scheduled to continue, with a court appearance expected later in the month.
Officials connected Butler to activities tied to both Kimwolf and Aisuru, underscoring the link between the Ottawa operation and the broader international investigation. Law enforcement highlighted the growing threat cybercrime poses to individuals, organizations, and critical infrastructure, and urged the public and organizations to strengthen security practices and report anything suspicious to local police or national cyber security agencies.
The investigation involved coordinated actions across national borders, with continued efforts to disrupt the botnets and prevent further harm to online services, including gaming platforms and other services that rely on stable, responsive networks.
