Vancouver web host White Falcon Communications and its owner Dmitri Glazyrin have filed a lawsuit against the Attorney General of Canada and two Canadian police officers over company servers and equipment seized in 2013. The seizure resulted from a US-led investigation into Citadel botnets, and the company alleges in the suit that the seizure effectively destroyed its business.
In June 2013, as US Marshals were seizing servers from facilities in New Jersey and Pennsylvania suspected of operating Citadel botnets, Royal Canadian Mounted Police (RCMP) investigators Clint Baker and Paul Wrigglesworth executed a warrant for White Falcon’s hardware.
“I believe that a computer…that has been associated with White Falcon Communications, was operating a command and control server,” RCMP Const. Wrigglesworth said in the search warrant, according to the Vancouver Sun. “This command and control server was controlling an unknown number of infected personal computers as a Citadel botnet.”
According to the Sun, Citadel malware had affected over five million people at a cost of $500 million at the time. The FBI and Microsoft identified White Falcon servers as Citadel botnet command and control servers. The warrant also mentioned that although the origin of the Citadel botnet is unknown, it is believed to have been operated from Russia or the Ukraine. White Falcon hosted many sites with the .ru TLD, and Glazyrin was raised and educated in Russia before immigrating to Canada.
Glazyrin maintains his innocence in the suit, which was filed in early November. “It is well known in the Internet security industry that legitimate businesses can be affected by botnet infections and indeed, the United States of America have a number of legitimate online business [sic] that had been affected with the ‘Citadel’ malware,” the claim states. “It did not occur to the Defendants Wrigglesworth and Baker that White Falcon Communications may have been the victim of the Citadel botnet and malware and instead jumped to the erroneous conclusion that the Plaintiffs herein were actively engaged in the crime of unauthorized use of a computer and possession of [sic] device to obtain computer service.”
Legitimate businesses that have been affected by botnet infections include industry leaders like Amazon and GoDaddy, which, according to a January report from Solutionary, hosted a combined 30 percent of malware.
Several other incidents of cybercrime allegedly involving Russia have occurred since the seizure, including the theft of 1.2 billion credentials in what may be the largest data breach ever, which was revealed in August, as well as a recent breach of White House computer networks.