The US DOJ has accused the administrator of the WireX Android botnet of launching a distributed denial-of-service (DDoS) attack against a major American hotel chain.
The defendant, Izzet Mert Ozek, targeted the company’s online booking website in August 2017 with the botnet, which comprised thousands of compromised Android devices (over 120,000, based on the unique IP addresses observed in certain WireX attacks).
According to a DOJ press release, the hospitality firm, which handled luxury hotels and resorts, was based in Chicago, and its website’s servers were situated in northern Illinois.
According to court documents, the attacker used the DDoS attack to send massive volumes of network traffic to Company A’s servers, which hosted the company’s website and online booking service. The traffic consumed all available resources, leaving few or none to serve regular users.
On Wednesday, Ozek was charged with one count of willfully causing harm to a protected computer, which carries a maximum term of 10 years in prison.
The defendant has not yet been apprehended, nor has a warrant been issued for his arrest. He is thought to be residing in Turkey at the moment.
The DOJ does not say whether Ozek was an operator, a client, or an admin of the WireX botnet. However, his LinkedIn page lists him as the creator of the AxClick business.
The WireX botnet was discovered in mid-July 2017 and was created with the help of hundreds of trojanized applications distributed through the Google Play Store and third-party application stores.
Security experts discovered it on August 17, when it was used in large-scale Layer 7 (application-level) DDoS attacks against numerous content delivery networks (CDNs) and content providers, depleting server memory and bringing down internet services.
According to experts who investigated these incidents, the botnet conducted DDoS attacks using bots from over 100 countries and over 120,000 concurrent IP addresses. After these attacks, the botnet was taken down by the end of August 2017.