DoJ Seizes Popular Proxy Service – Rsocks

Rsocks provided its web proxy service by hacking into millions of computers, smartphones and other devices, and converting them into unwitting proxy servers.

Rsocks seized

The U.S. Department of Justice has seized and dismantled the infrastructure of a Russian botnet used to hijack millions of devices worldwide for use as proxy servers.

According to prosecutors, Rsocks provided its web proxy service — operated by unnamed Russian cybercriminals — by hacking into millions of computers, smartphones and other devices, and converting them into unwitting proxy servers. This in turn allowed paying customers to use the IP addresses of the compromised devices without the permission or the knowledge of the owners.

On its end, Rsocks didn’t hide its network, boasting on Twitter that it provides access to more than eight million residential devices and more than one million mobile IPs.

Like VPNs, proxy services provide IP addresses to their clients so they can bypass censorship or access geo-blocked content that would otherwise be inaccessible to them. However, prosecutors allege that Rsocks built its network by hacking into millions of devices through brute-force attacks.

The service was presented to the users as a web-based “storefront” from where they could rent access to proxies for a specific time period. Once purchased, the customer could download a list of IP addresses and ports associated with one or more of the botnet’s backend servers, and then route Internet traffic through the compromised devices to mask or hide the true source of the traffic.

“It is believed that the users of this type of proxy service were conducting large scale attacks against authentication services, also known as credential stuffing, and anonymizing themselves when accessing compromised social media accounts, or sending malicious email, such as phishing messages,” the Justice Department said in a press release.
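The defensive consequence of a residential proxy pool like the one described above is that per-IP rate limits stop working: each hijacked device contributes only one or two login attempts. The following added example (not from the article or the Justice Department) runs a conventional per-IP threshold and an aggregate spread check over constructed authentication log lines; the log field layout (timestamp, account, source IP, result) is an assumption.

```python
"""Added example: spotting proxy-distributed credential stuffing in auth logs.
The log lines below are constructed for illustration; the four-field layout
(timestamp account source_ip result) is an assumed format, not a real product's."""
from collections import Counter

# Constructed sample: nine failed logins against nine different accounts,
# each arriving from a different source address, in a ten-second window.
SAMPLE_LOG = """
2022-06-16T10:00:01 alice 203.0.113.10 FAIL
2022-06-16T10:00:02 bob 203.0.113.11 FAIL
2022-06-16T10:00:03 carol 198.51.100.7 FAIL
2022-06-16T10:00:04 dave 198.51.100.22 FAIL
2022-06-16T10:00:05 erin 192.0.2.45 FAIL
2022-06-16T10:00:06 frank 192.0.2.46 FAIL
2022-06-16T10:00:07 grace 203.0.113.77 FAIL
2022-06-16T10:00:08 heidi 198.51.100.90 FAIL
2022-06-16T10:00:09 ivan 192.0.2.101 FAIL
2022-06-16T10:00:10 judy 203.0.113.12 OK
"""

def parse(log_text):
    """Split each non-empty line into (timestamp, account, ip, result)."""
    return [tuple(line.split()) for line in log_text.strip().splitlines() if line.strip()]

def per_ip_alerts(events, threshold=5):
    """Classic brute-force rule: flag any source IP with >= threshold failures.
    Against a rotating proxy pool every IP stays below the threshold."""
    fails = Counter(ip for _, _, ip, result in events if result == "FAIL")
    return sorted(ip for ip, n in fails.items() if n >= threshold)

def spread_summary(events):
    """Aggregate view of the same window: total failures, how many distinct
    source IPs and target accounts they touch, and the IP-per-failure ratio
    (close to 1.0 means nearly every failure came from a fresh address)."""
    fails = [(acct, ip) for _, acct, ip, result in events if result == "FAIL"]
    ips = {ip for _, ip in fails}
    accounts = {acct for acct, _ in fails}
    ratio = len(ips) / len(fails) if fails else 0.0
    return {"failures": len(fails), "distinct_ips": len(ips),
            "distinct_accounts": len(accounts), "ip_spread": ratio}

def distributed_stuffing_alert(events, min_failures=8, min_ips=6, min_accounts=6):
    """Fire when a window has many failures spread across many IPs AND many
    accounts at once, the pattern per-IP limits cannot see."""
    s = spread_summary(events)
    return (s["failures"] >= min_failures and s["distinct_ips"] >= min_ips
            and s["distinct_accounts"] >= min_accounts)

if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print("per-IP alerts:", per_ip_alerts(ev))          # [] - nothing fires
    print("spread:", spread_summary(ev))
    print("distributed alert:", distributed_stuffing_alert(ev))  # True
```

The thresholds are placeholders to tune against a real baseline; the point is that the per-IP rule returns nothing while the spread check fires on the same window.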

FBI investigators made undercover purchases to get access to the Rsocks botnet to identify its backend infrastructure and victims. The initial purchase in early 2017 identified approximately 325,000 compromised victim devices, mainly in the U.S.

Among those were several large public and private entities as well as many home businesses, including a university, a hotel, a television studio and an electronics manufacturer.

“Cyber criminals will not escape justice regardless of where they operate,” said U.S. Attorney Randy Grossman. “Working with public and private partners around the globe, we will relentlessly pursue them while using all the tools at our disposal to disrupt their threats and prosecute those responsible.”

Previously, in April, the FBI revealed that it had disrupted another botnet, known as Cyclops Blink, which was operated by a group of hackers working for Russia’s GRU, the country’s military intelligence unit.