The article tries to identify the person behind the Kimwolf botnet operator handle “Dort” by connecting public clues from old usernames, email addresses, forum accounts, domain registrations, and chat logs. Krebs says those clues point toward a person named Jacob Butler from Ottawa, Canada, tying the “Dort” identity to earlier aliases like CPacket, M1ce, and DortDev. The post also links those identities to older activity in Minecraft cheating communities, cybercrime forums, CAPTCHA-bypass tools, temporary email services, and SIM-swapping circles—arguing that the same online persona appears repeatedly across several years of account abuse and fraud-related activity.

The article also explains why Krebs pursued this: after earlier reporting helped expose how Kimwolf spreads, “Dort” allegedly retaliated with harassment, doxing, DDoS abuse, email flooding, threats, and even a reported swatting incident targeting security researcher Ben Brundage. Near the end, Jacob Butler briefly responds and denies being the current operator, saying he left that world years ago and believes someone may be using his old accounts or impersonating him. Krebs presents that denial but says there are inconsistencies, including similarities between Butler’s voice and recordings linked to the “Dort” persona. The overall message is that the evidence strongly suggests a real-world identity behind the handle, even though the accused person disputes it.

‍

Source: https://krebsonsecurity.com/2026/02/who-is-the-kimwolf-botmaster-dort/