US and Canadian authorities have arrested Jacob Butler, a 23-year-old from Ottawa, Canada, for allegedly building and running the KimWolf botnet — a massive network of hijacked home devices that was rented out to anyone willing to pay for a cyberattack. KimWolf quietly infected over a million devices, including digital photo frames, webcams, and other internet-connected gadgets that owners rarely think to secure or update. Attackers who rented access launched record-breaking DDoS attacks measuring nearly 30 terabits per second, overwhelming websites and online services and causing some victims more than a million dollars in losses. Butler faces up to ten years in prison on charges of aiding and abetting computer intrusion.
The takedown is a reminder that everyday smart home devices can be turned into weapons without the owner ever noticing. If you have older smart home gadgets, digital photo frames, or IP cameras connected to your home network, they may have been quietly drafted into botnets like this one. Keeping firmware up to date, changing default passwords, and placing IoT devices on a separate network segment (many home routers support a “guest network” for this) are the most effective defences.