Canada's Royal Canadian mounted police swooped on a data center in the Burnaby, BC area this month, seizing computers that they say may be linked to a $500 million botnet.
The RCMP said that the computers, owned by web hosting firm White Falcon Communications, had links to the notorious Citadel botnet. The computers may have been used as command-and-control servers, the search warrant said.
The servers were seized from Burnaby co-location facility Arima Networks, which rents server space to different companies, including White Falcon.
White Falcon is owned by Dmitry Glazyrin, who was out of the country and unreachable at the time of writing.
“He probably has hundreds of customers on his own that he sells the space and equipment to,” said Curtis Look, president of Arima Networks, said of Glazyrin's operation. “I think it's all automated. You go to a website, and you order a server and you pay for it online.”
White Falcon Communications was still a customer following the RCMP seizure, Look added.
The Citadel botnet was originally taken down in June after a collaboration between Microsoft and the FBI. A month later, 88 percent of the botnet was said to have been removed. However, it began reappearing, according to security firm Trend Micro, which said that Japanese computers had been targeted in the botnet's latest incarnation.
