U.S. prosecutors have charged a 22-year-old man for allegedly running one of the most powerful bot networks observed in recent years.
Ethan J. Foltz from Eugene, Oregon, was arrested Aug. 6 and stands accused of operating Rapper Bot, also known as “Eleven Eleven Botnet” and “CowBot.” The botnet spanned a network of hijacked internet-connected devices that fueled hundreds of thousands of cyberattacks worldwide.
According to investigators, Rapper Bot harnessed tens of thousands of compromised routers, digital video recorders and cameras to launch massive denial-of-service campaigns for paying clients. At its peak, the botnet was able to direct more than 6 terabits per second of malicious traffic, volumes that rival or exceed some of the largest attacks seen on record.
The operation is described as a “DDoS-for-hire” service, with Foltz allegedly renting access to criminal groups, including online gambling operators who used it in extortion schemes. Targets included organizations in about 80 countries, ranging from commercial platforms to U.S. government systems. Since April, the bot was allegedly used to conduct more than 370,000 attacks that targeted 18,000 unique victims.
One of the most high-profile victims was X, which was targeted by Rapper Bot on March 10. The attack caused intermittent outages across the social network, with a pro-Palestinian group called Dark Storm Team claiming responsibility at the time.
Security researchers had already flagged Rapper Bot activity in 2022, noting its aggressive exploitation of weak or default credentials on consumer IoT devices, but the botnet continued to expand despite takedown efforts until now.
The criminal complaint explains that Rapper Bot was allegedly employing roughly 65,000 to 95,000 infected victim devices to regularly conduct DDoS attacks.
“Rapper Bot was one of the most powerful DDoS botnets to ever exist, but the outstanding investigatory work by DCIS cyber agents and support of my office and industry partners has put an end to Foltz’s time as administrator and effectively disrupted the activities of this transnational criminal group,” U.S. Attorney Michael J. Heyman for the District of Alaska, said in a statement.
Foltz is charged with one count of aiding and abetting computer intrusions. If convicted, Foltz faces a maximum penalty of 10 years in prison.
Image: News/Reve
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About News Media
Founded by tech visionaries John Furrier and Dave Vellante, News Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
