On May 22, 2026, the U.S. Department of Justice announced the arrest of a 23-year-old in Ottawa for allegedly running Kimwolf, a DDoS-for-hire botnet that prosecutors say issued more than 25,000 attack commands and helped power record-setting floods peaking at 31.4 terabits per second. According to the indictment, Kimwolf is a variant of AISURU that specifically targeted Android devices with an exposed Android Debug Bridge (ADB) service — and the device class the DoJ called out by name was striking: "digital photo frames and web cameras."

That language matters. The Kimwolf victims weren't enterprise servers or IoT toys built by sketchy vendors no one has heard of. They were Android-powered cameras and frames — the same form factor millions of people are now building on purpose, by reaching for the old phone in a drawer and turning it into a security camera, a nursery monitor, or a wildlife cam. The Hacker News covered the arrest, and the DoJ published a press release. Forty-five DDoS-for-hire storefronts were seized in parallel.

If you've repurposed an Android phone as a camera — or you're thinking about it — this is a moment to look at your setup and ask the question the DoJ is essentially forcing on the camera-app industry: what services on this phone are reachable from outside your network, and who is on the other end of them?
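One way to start answering that question on your own phone, as an added example that is not part of the original article: the script below reads text in Linux `/proc/net/tcp` or `/proc/net/tcp6` format and lists every listening socket bound to a non-loopback address, flagging ADB over TCP. It assumes you have saved that text from the device yourself, and it treats port 5555 as the ADB-over-TCP port, which is the conventional default and not a value the article states.

```python
import ipaddress

ADB_TCP_PORT = 5555  # conventional ADB-over-TCP port (assumption; the article names no port)
LISTEN = "0A"        # TCP_LISTEN state code used in /proc/net/tcp

# Constructed sample in /proc/net/tcp format, not captured from a real device.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:15B3 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111
   1: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000  2000        0 22222
   2: 6401A8C0:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 33333
   3: 6401A8C0:C350 0A01A8C0:01BB 01 00000000:00000000 00:00000000 00000000 10123        0 44444
"""

def decode_addr(hex_addr):
    """The kernel prints each 32-bit address word in host (little-endian) byte order."""
    raw = bytes.fromhex(hex_addr)
    fixed = b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4))
    return ipaddress.ip_address(fixed)  # 4 bytes -> IPv4, 16 bytes -> IPv6

def exposed_listeners(proc_net_text):
    """Return (ip, port, uid, is_adb) for LISTEN sockets not bound to loopback."""
    found = []
    for line in proc_net_text.splitlines():
        fields = line.split()
        # Skip the header, short lines, and sockets that are not listening.
        if len(fields) < 8 or not fields[0].endswith(":") or fields[3] != LISTEN:
            continue
        hex_ip, hex_port = fields[1].rsplit(":", 1)
        ip, port = decode_addr(hex_ip), int(hex_port, 16)
        mapped = getattr(ip, "ipv4_mapped", None)  # ::ffff:127.0.0.1 is loopback too
        if ip.is_loopback or (mapped and mapped.is_loopback):
            continue
        found.append((str(ip), port, int(fields[7]), port == ADB_TCP_PORT))
    return found

if __name__ == "__main__":
    for ip, port, uid, is_adb in exposed_listeners(SAMPLE):
        note = "  <-- ADB over TCP" if is_adb else ""
        print(f"{ip}:{port} uid={uid}{note}")
```

A non-loopback listener is reachable from other hosts on the same network; whether it is also reachable from the internet depends on the router's port forwarding and UPnP settings, which this check does not see.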