Hey everyone. I'm Drex and this is the two minute drill. Great to see everyone today. Here's some stuff you might wanna know about. Okay? I'm gonna talk a little tech, and then I'm gonna tell you a really cool story, so hang with me. A quick definition before we kind of get into this. A botnet is a network of compromised devices, and they're often those devices that are sort of cheap network things that you buy and plug in and you forget about.
We often refer to them as Internet of Things or IoT devices, like network cameras or your coffee maker or a piece of exercise equipment. They connect to your network, and those devices are sometimes hijacked by bad guys without you ever knowing. So think of a botnet as an army of devices built out of other people's hardware, other people's IoT.
There's a particular botnet called Kim Wolf that was the largest ever built. At its peak, more than 2 million devices were part of its army. And again, these aren't servers or workstations. They're usually cheap off-brand little boxes that run Android and they usually cost like, you know, 40 or 50 bucks.
They're cheap things. They run TV apps and those fun little picture frames that swap photos every few minutes. Um, they're the kinds of things that you would find in a patient waiting room or in a break room or in your boss's office, something that's been there for years without an operating system update or a security update.
In October 2025, the Kim Wolf botnet's operators started pointing that army at various targets. When they do that, these are called DDoS attacks, distributed denial of service attacks. They're the kinds of attacks that, think of them, they're kind of like a fire hose. They're designed to flood a system with so much traffic, it can't respond to anything else.
And those IoT devices, all of them hitting the same website at the same time, can take that site down. That's just the one example. One of Kim Wolf's attacks peaked at 31.4 terabits per second. I know that's kind of techie, but it's the most powerful DDoS attack ever recorded. It lasted 35 seconds. No one's ever come close to breaking that record.
Kim Wolf was a weapon built out of other people's electronic junk, and some of that junk is quite possibly hardware that's on your network, both at home and in the hospital. So there's this other company called Infoblox. They're kind of responsible for the Internet's plumbing and they manage part of the internet that allows devices to find each other. So they see most of the Internet's traffic. Infoblox found that 25% of their enterprise clients, including healthcare organizations, were communicating to Kim Wolf's servers. That doesn't mean they were potentially exposed, that means they were already compromised. They were already part of the botnet from inside their own perimeter.
By late 2025, Kim Wolf had baffled the FBI and Google and Cloudflare and some of the best threat intelligence teams in the world. The botnet doubled in size in a single week and no one could figure out how it worked. But there was this one guy. He was fascinated by this IoT army and he didn't work for any of the big cybersecurity companies.
Benjamin was a 22-year-old undergrad at Rochester Institute of Technology. He'd been studying this odd residential proxy service capability that allowed bad guys to slip into networks and scan for those cheap IoT devices and then enlist them in their army. And he'd heard about Kim Wolf and the Kim Wolf botnet.
Maybe more than heard about it, he'd become slightly obsessed with figuring out how it worked and who was behind it. So he spent some time sleuthing on Discord and Telegram apps, and with some effort, he eventually made contact with someone he thought might be part of the Kim Wolf botnet team, and he kept asking questions.
But he didn't wanna put too much pressure on this new contact that might cause the person to break off and stop the conversation. And like a lot of college students, Benjamin was really good at internet memes, so he'd send an appropriate meme from time to time to keep the conversation a little lighter.
There came a point in time in the conversation, though, where he was asking some very probing, technical questions. He was fishing for a lot of hardcore technical detail, and after one of those sessions he sent a cat meme, a cute little clip showing someone adjusting the tie on a sweet little gray cat.
And it worked. The contact gave him the information he was looking for and that helped him take the next step in his investigation with a bunch of additional work. And it's pretty ingenious stuff, and I'm kind of blah-blah-ing over a lot of the technical efforts here, but read the article if you're into that. It's fascinating.
Eventually Benjamin was able to document the whole process used by the folks who were driving the Kim Wolf botnet. By the way, Benjamin was doing a lot of this work while he was in the middle of midterm exams last winter at RIT, but he didn't let that slow him down. He was able to document how to fix the problem, and he contacted 11 of the largest companies that were providing those residential proxy services.
Those were the services that were allowing Kim Bot to access those IoT devices on your network. He contacted those companies and told them how to fix the problem. Within a few weeks, armed with Benjamin's research, a coalition of major tech companies, Cloudflare and Google and AWS and Akamai, and the Department of Justice and Germany and Canada all worked together. On March 19th, 2026, they disrupted command infrastructure across four major botnets.
Kim Wolf was one of those, and Kim Wolf went from 2 million active devices to roughly 30,000. Down 98.5%. It turns out that sometimes the hero of the story isn't a long-term tenured security professional or a big cybersecurity company. Sometimes the hero turns out to be a college kid who wouldn't let go of a mystery and also had a knack for delivering a well-timed cat meme.
That's it for today's two minute drill. I'd love to hear what you're thinking. Drop something in the comments. Return fire is always welcome. And as always, thanks for being here. Stay a little paranoid. I'll see you around campus.