Security News > 2021 > September > WireX DDoS botnet admin charged for attacking hotel chain
The US Department of Justice charged the admin of the WireX Android botnet for targeting an American multinational hotel chain in a distributed denial-of-service attack.
Izzet Mert Ozek, the defendant, used the botnet which consisted of tens of thousands of enslaved Android devices - more than 120,000 based on the unique IP addresses observed in some WireX attacks - to target the company's online booking system website in August 2017.
While the DOJ didn't reveal if Ozek was a customer, an operator, or a WireX botnet admin, BleepingComputer was able to link him to the infrastructure used by the botnet.
His LinkedIn page shows him as the founder of a company named AxClick, a term used in multiple sub-domains of a single root domain part of the WireX command and control infrastructure used to instruct the botnet to launch DDoS attacks against specific targets.
According to researchers who analyzed these mid-August incidents, the botnet launched DDoS attacks using bots from more than 100 countries, spread across more than 120,000 concurrent IP addresses.
Following these attacks, the botnet was quickly taken down by the end of August 2017, with the combined efforts of researchers from Akamai, Cloudflare, Flashpoint, RiskIQ, Google, Oracle Dyn, Team Cymru, some of its DDoS targets, other DDoS mitigation and intelligence firms, and the FBI. "This trust group was formed immediately following the initial massive attacks that originated from Mirai," Justin Paine, Head Of Trust & Safety at Cloudflare, told Bleeping Computer at the time.