Authorities in the United States charged a Turkish national for launching distributed denial-of-service (DDoS) assaults against a Chicago-based multinational hospitality company using a now-defunct malware botnet.
Izzet Mert Ozek, 32, is accused of launching attacks against the Chicago multinational in August 2017 using WireX, a botnet developed using Android malware.
According to authorities, Ozek’s attacks caused infected Android devices to transmit massive volumes of online traffic to the company’s public website and online booking service, leading servers to crash.
As per the news release from the US Department of Justice, the charges were announced on September 29 in the Northern District of Illinois.
The press release stated, “In August 2017, IZZET MERT OZEK used the WireX botnet, which consisted of compromised Google Android devices, to direct large amounts of network traffic to the hospitality company’s website, preventing legitimate users from completing hotel bookings, according to an indictment returned Tuesday in U.S. District Court in Chicago. The hospitality company, which managed luxury hotels and resorts, was headquartered in Chicago and the servers for its website were located in northern Illinois.”
“The indictment charges Ozek, 32, with one count of intentionally causing damage to a protected computer. Ozek is believed to be residing in Turkey, and a warrant for his arrest will be issued.”
The official statement and indictment do not specify whether Ozek developed the WireX botnet himself or bought it from a third party. The botnet, which was created just a month before in July 2017, soon grew to gigantic size of more than 120,000 bots after its creator attacked Android smartphones with fraudulent Android apps.
Months after the disastrous Mirai malware attacks at the end of 2016, the cyber-security industry responded quickly to eliminate the emerging danger while it was still in its early phases.
A coalition of security firms, including Akamai, Cloudflare, Flashpoint, Google, Dyn, RiskIQ, and Team Cymr, launched an investigation weeks after the attack on the Chicago multinational company to track WireX’s bots and backend infrastructure and then seize and take down its command and control systems.