Brain behind Bredolab botnet arrested

RNW archive

This article is part of the RNW archive. RNW is the former Radio Netherlands Worldwide or Wereldomroep, which was founded as the Dutch international public broadcaster in 1947. In 2011, the Dutch government decided to cut funding and shift RNW from the ministry of Education, Culture and Science to the ministry of Foreign Affairs. More information about RNW Media’s current activities can be found at

A 27-year-old Armenian has been arrested in connection with the Bredolab criminal computer network dismantled by the Dutch investigators on Monday. He was detained at Armenia's Yerevan Airport at the request of the Dutch Public Prosecution Office, and is thought to be the brain behind the network.

A special team of investigators the High Tech Crime Team dismantled the network known as Bredolab. Bredolab is a so-called botnet, which has infected at least 30 million computers throughout the world since July 2009.

The High Tech Crime Team - acting in cooperation with a Dutch web hosting company, the Dutch Forensic Institute (NFI), Dutch internet security organisation GOVCERT.NL (the official Dutch computer emergency response team) and IT security company Fox.It - seized 143 infected computer servers and disconnected them from the internet, according to the Public Prosecution Office's own report on its website.

The Armenian had since tried to regain control of the botnet. When this failed he launched an attack using 220,000 infected compters on the system of the web-hosting company. This too was thwarted by disconnecting three computer servers in Paris from the internet.

The computer servers used by Bredolab were hired in the Netherlands from Leaseweb, the country's biggest web-hosting company. Leaseweb gave its full cooperation to the investigation.

Bredolab is also the name of so-called Trojan (horse), a virus which enters computers unnoticed and allows other harmful software (malware) to be downloaded. The cybercriminal or criminals have used Bredolab to steal financial data and passwords. It has also been used to spy on the computer's activities and record keystrokes.

Owners of infected computers will receive a notice next time they start up their computers that their hardware is infected. They will also be given information about how to get rid of the virus. So far some 100,000 computer owners have been informed and 55 of them have reported that their hardware is infected.



© Radio Netherlands Worldwide