Who was arrested for operating a massive IoT botnet?

Jacob Butler, also known as 'Dort', was arrested.

What were some devices targeted by the Kimwolf botnet?

Digital photo frames and web cameras were among the devices targeted.

Canadian Man Arrested for Operating Massive IoT Botnet

Q: Which authorities linked Butler to the operation of the Kimwolf botnet?

Authorities linked Butler through IP address data, online account information, transaction records, and records from messaging platforms obtained through legal process.

23-year-old Jacob Butler, also known as 'Dort', faces charges for operating Kimwolf botnet that enslaved millions of devices for DDoS attacks. The botnet caused financial losses exceeding one million dollars.

A 23-year-old Canadian man has been arrested and charged with operating a massive Internet-of-Things (IoT) botnet that enslaved millions of devices for use in distributed denial-of-service (DDoS) attacks. Jacob Butler, also known as "Dort," faces criminal hacking charges in both Canada and the United States.

The Kimwolf botnet, which targeted infected devices traditionally "firewalled" from the rest of the internet, such as digital photo frames and web cameras, was allegedly used to launch record-smashing DDoS attacks that resulted in financial losses exceeding one million dollars for some victims. The botnet is alleged to have issued over 25,000 attack commands.

What Happened

The arrest of Jacob Butler marks a significant development in the ongoing efforts to combat cybercrime and disrupt large-scale DDoS operations. According to court documents, Kimwolf targeted internet-connected devices that were typically protected from direct exposure to the wider internet, including digital photo frames and web cameras.

Once compromised, the devices became part of a botnet that operators rented out through a cybercrime-as-a-service model, giving customers access to infected systems used in DDoS attacks against targets worldwide, including Department of Defense Information Network (DoDIN) IP addresses. The Kimwolf botnet was tied to DDoS attacks measured at nearly 30 Terabits per second, a record in recorded DDoS attack volume.

Authorities linked Butler to the operation of the Kimwolf botnet through IP address data, online account information, transaction records, and records from messaging platforms obtained through legal process. Independent security journalist Brian Krebs was the first to publicly identify Jacob Butler as the alleged Kimwolf botmaster.

Background and Context

The arrest of Jacob Butler follows an international law enforcement operation in March 2026 that disrupted infrastructure linked to the Aisuru, KimWolf, JackSkid, and Mossad botnets. The four botnets targeted in the operation infected millions of devices worldwide, primarily IoT systems such as digital video recorders, web cameras, and WiFi routers.

The Kimwolf botnet is just one example of a large-scale DDoS operation that has been disrupting online services and causing significant financial losses for victims. The use of IoT devices in these operations highlights the importance of securing these devices and preventing them from being compromised by cybercriminals.

Why it Matters to the Industry

The Kimwolf botnet's use of IoT devices to launch DDoS attacks has significant implications for the adult industry, which relies heavily on online streaming and webcam infrastructure. The ability of cybercriminals to compromise large numbers of IoT devices and use them in DDoS attacks poses a significant threat to the stability and security of these platforms.

The Kimwolf botnet's use of a cybercrime-as-a-service model also highlights the importance of age verification and moderation on online platforms. The ability of cybercriminals to rent out infected systems used in DDoS attacks against targets worldwide underscores the need for robust measures to prevent and detect such activities.

What Comes Next

The arrest of Jacob Butler marks a significant development in the ongoing efforts to combat cybercrime and disrupt large-scale DDoS operations. The case highlights the importance of international cooperation and collaboration between law enforcement agencies, security researchers, and online platforms to prevent and detect such activities.

The Kimwolf botnet's use of IoT devices to launch DDoS attacks also underscores the need for robust measures to secure these devices and prevent them from being compromised by cybercriminals. The adult industry must take steps to ensure that its online platforms are secure and resilient against such threats.

Key Facts

Jacob Butler, a 23-year-old Canadian man, has been arrested and charged with operating the Kimwolf botnet.
The Kimwolf botnet targeted infected devices traditionally "firewalled" from the rest of the internet, such as digital photo frames and web cameras.
The botnet was allegedly used to launch record-smashing DDoS attacks that resulted in financial losses exceeding one million dollars for some victims.
Authorities linked Butler to the operation of the Kimwolf botnet through IP address data, online account information, transaction records, and records from messaging platforms obtained through legal process.
The arrest follows an international law enforcement operation in March 2026 that disrupted infrastructure linked to four large DDoS botnets.