
Why Hackers Fail to Remain Anonymous: The Case of "Dort" and the Kimwolf Botnet
The video examines why hackers, particularly low-level and commodity attackers, often fail to remain anonymous, using the case of "Dort," the creator of the Kimwolf botnet, as a primary example. Security researcher Brian Krebs uncovered Dort’s real identity, Jacob Butler, through open-source intelligence (OSINT) by linking a GitHub account, a Telegram alias referencing "Jacob," and a reused password tied to the email jacobbutler803@gmail.com, which included a likely birthdate (August 3).

Common mistakes leading to de-anonymization include reusing online identities (e.g., aliases, emails, or passwords across forums, GitHub, or social media), human errors like boasting or anger-driven actions, and infrastructure leaks (e.g., exposing home IPs or misconfigured domains). Operational security (OPSEC) failures, such as signing off with real names or logging in from personal devices, and misplaced trust in VPNs, proxies, or collaborators further compromise anonymity.

The Kimwolf botnet, composed of millions of infected IoT devices (notably outdated Android boxes), was dismantled after Krebs and another researcher exposed its infection methods. The video concludes that most hackers are de-anonymized due to sloppy OPSEC, not technical shortcomings, with elite hackers remaining unidentified precisely because they avoid such mistakes.