Defence Intelligence (company)

Defence Intelligence, often referred to as Defintel, is an information security company based in Ottawa, Ontario, Canada. The company characterizes itself as offering services for "advanced compromise protection." Their marketing materials describe their services as being for the detection and prevention of compromised systems on a network, and include their Nemesis Compromise Protection (Nemesis) and Harbinger Compromise Assessment (Harbinger) services.

Defence Intelligence was the security company that discovered the Mariposa botnet in 2008, which consisted of 8 to 12 million individual zombie computers at the time of its dismantling in 2009.

History
Defence Intelligence was founded in 2008 by Christopher Davis, a Canadian security consultant who had previously aided in identifying an 18-year-old hacker in 2000 that stole 26,000 credit card numbers from e-commerce sites. Chris Davis collaborated along with Dan Kaminsky to inform key agencies in the Canadian government about the DNS cache poisoning flaw. Prior to founding Defence Intelligence, Davis was the director of threat analysis for the Atlanta-based security company Damballa (company).

In 2008, Defence Intelligence discovered the Mariposa botnet, one of the largest known botnets to date. In 2009, the Mariposa Working Group was formed. The MWG, consisting of members from Defence Intelligence, Panda Security, Neustar, Directi, and Georgia Tech Information Security Center, worked with international law enforcement to dismantle the botnet and aid in the arrest of the suspected creator and controllers of the botnet.

In 2011 Keith Murphy, founder and president of non-profit One Dollar Nation, became CEO of Defence Intelligence. While no formal press release was made stating this change, numerous news articles began referring to Keith Murphy as CEO. In that same year the company released Nemesis 2.0, the most current version of their main service and launched a new website with updated branding.

Mariposa
Mariposa, meaning "butterfly" in Spanish, was the name given to the botnet as a whole due to its usage of the malware program "Butterfly bot". The botnet was composed of millions of infected or zombie computers controlled by the same operators. The number of computers infected by Mariposa was between 8 and 12 million spread over 190 countries. Victims included more than half of the US Fortune 1000 companies as well as numerous governments and financial and educational institutions. Mariposa was used for denial of service attacks, spamming, and personal information theft. It was capable of spreading via MSN, peer to peer networks, and USB keys.

The Spanish national police Civil Guard (Spain) arrested three men in February 2010 for suspected involvement with the Mariposa botnet. In July 2010 the suspected creator of the "Butterfly bot" malware was arrested by Slovenian police.