RCMP investigators tracked the computers to a Russian businessman who was leasing server space in Burnaby. According to the warrant, the computers were used to command and control an "unknown number of infected personal computers."
The search warrant was obtained in June as part of an operation in which the FBI and Microsoft worked with police forces in 80 different countries, including the RCMP. The FBI contacted the Mounties with information about two suspicious IP addresses — one in Montreal and the other in Burnaby.
The search warrant alleges the man leasing the IP addresses and space was using bandwidth about six times bigger than that of all the other customers renting server space in the Burnaby facility combined, and that investigators tracked botnet activity through Russia and Germany back to several addresses in Burnaby.
No charges have been laid.
In June, Microsoft and the FBI announced a major break in the case after they successfully disrupted botnets controlling millions of computers.
The computers were infected via a type of malware called Citadel, which is estimated to have affected more than five million people in more than 90 countries.
Citadel records the keystrokes of people who use infected computers, allowing criminals controlling the software to steal login information and passwords when the victims do online banking or access other online accounts.