The US says it’s dismantled a Russian botnet that compromised millions of devices and helped cybercriminals break into online accounts.
The botnet was available on the open internet, ostensibly as a proxy server from a provider named RSocks. But in reality, the platform supplied hackers with access to hijacked computers, according to the US Justice Department.
To create the botnet, the operators hijacked numerous connected devices across the globe, including internet routers, video-streaming hardware, smart garage door openers, Android devices, and Raspberry Pi computers.
Each of these devices was also assigned a unique IP address; they were owned by individuals, businesses, and public entities, such as a university, a hotel, a television studio, and an electronics manufacturer.
The owners of RSocks then rented out access to the hijacked devices to cybercriminals through monthly subscriptions that ranged from a few dollars per day to $200 for 2,000 proxies. “The customer could then route malicious internet traffic through the compromised victim devices to mask or hide the true source of the traffic,” the Justice Department said.
According to federal investigators, the botnet facilitated cybercrimes that often involved trying to break into people’s online accounts through password-guessing attacks. In other cases, hackers used the botnet to spread malware and phishing emails to victims.
The FBI first uncovered the botnet back in 2017 when it identified approximately 325,000 compromised devices that were part of the RSocks botnet. The Justice Department added: “Through analysis of the victim devices, investigators determined that the RSocks botnet compromised the victim device by conducting brute force attacks,” which involves guessing the passwords through numerous attempts. RSocks backend servers then maintained a persistent connection to the compromised devices.
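The brute-force compromise described above leaves a recognisable trace on the victim device: a burst of failed logins from one source, followed by a successful login from that same source. The detector below is an added example written for this article, not code from the Justice Department or from any RSocks analysis; it runs over constructed sshd-style log lines and the threshold and window values are illustrative assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in an sshd-like format (not real RSocks traffic).
# One source hammers several accounts and then gets in; another is a normal user typo.
SAMPLE_LOG = """\
2017-03-01T10:00:01 sshd: Failed password for admin from 198.51.100.7
2017-03-01T10:00:02 sshd: Failed password for admin from 198.51.100.7
2017-03-01T10:00:03 sshd: Failed password for root from 198.51.100.7
2017-03-01T10:00:04 sshd: Failed password for pi from 198.51.100.7
2017-03-01T10:00:05 sshd: Failed password for admin from 198.51.100.7
2017-03-01T10:00:06 sshd: Accepted password for pi from 198.51.100.7
2017-03-01T10:05:00 sshd: Failed password for alice from 203.0.113.9
2017-03-01T10:30:00 sshd: Accepted password for alice from 203.0.113.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)$"
)


def detect_brute_force(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return a list of (src, kind) alerts in log order.

    kind is 'burst' when a source produces at least `threshold` failed logins
    inside `window`, and 'success_after_burst' when a successful login then
    arrives from a source that already triggered a burst, which is the point
    at which the device has most likely been taken over."""
    recent = defaultdict(deque)  # src -> timestamps of failures still inside the window
    burst_sources = set()
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not password-auth events
        ts = datetime.fromisoformat(m["ts"])
        src = m["src"]
        q = recent[src]
        while q and ts - q[0] > window:  # drop failures that aged out of the window
            q.popleft()
        if m["result"] == "Failed":
            q.append(ts)
            if len(q) >= threshold and src not in burst_sources:
                burst_sources.add(src)
                alerts.append((src, "burst"))
        elif src in burst_sources:
            alerts.append((src, "success_after_burst"))
    return alerts
```

On the sample above, only 198.51.100.7 is flagged, first for the burst and again when its login succeeds; the single mistyped password from 203.0.113.9 stays quiet.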
The Justice Department didn’t go into details about how RSocks was taken down, or whether the operators behind the botnet were identified. So it’s possible remnants of the operation may return. But federal investigators say they disrupted the botnet with the help of law enforcement in Germany, the Netherlands, and the UK. The RSocks website has also been seized and replaced with a banner from the FBI.