Canadian authorities arrested a 23-year-old Ottawa resident Wednesday on charges of building and operating Kimwolf, an Internet-of-Things botnet that compromised millions of devices. The suspect, publicly identified as "Dort" by KrebsOnSecurity in February 2026, faces criminal hacking charges in both Canada and the United States.
Kimwolf spread rapidly across IoT networks over a six-month period, converting infected devices into nodes for executing massive distributed denial-of-service attacks. The botnet's operator leveraged the compromised infrastructure to launch coordinated DDoS campaigns, doxing operations, and swatting attacks. KrebsOnSecurity identified the suspect after becoming a direct target of these campaigns, which also targeted a security researcher.
The arrest represents a significant disruption to a botnet operation that demonstrated the scale of IoT vulnerabilities in consumer and enterprise networks. IoT devices, often deployed with minimal security hardening and rarely updated, remain attractive targets for botnet operators seeking command-and-control infrastructure at scale. Kimwolf's rapid propagation indicates the malware exploited common misconfigurations or unpatched vulnerabilities in routers, cameras, and other connected devices.
DDoS attacks launched through botnets like Kimwolf pose direct threats to critical infrastructure, financial services, and online platforms. Organizations operating internet-facing services depend on DDoS mitigation services to absorb traffic floods from distributed sources. The botnet's use in doxing and swatting campaigns adds additional harm, exposing individuals to harassment and physical danger.
The dual jurisdiction prosecution reflects increasing cooperation between Canadian and U.S. law enforcement on cybercrime. Cross-border botnet operations complicate enforcement, but coordinated charges strengthen prosecution cases and signal deterrence.
The arrest does not eliminate the Kimwolf botnet entirely.