The US Department of Justice, together with law enforcement partners in Germany, the Netherlands and the UK, brought down a Russian botnet known as RSOCKS that initially targeted Internet of Things (IoT) devices and then expanded into compromising Android devices and conventional computers.
A botnet is a group of hacked internet-connected devices that are controlled as a group without the owner’s knowledge and typically used for malicious purposes.
“The RSOCKS botnet compromised millions of devices throughout the world,” said US Attorney Randy Grossman.
“Working with public and private partners around the globe, we will relentlessly pursue them while using all the tools at our disposal to disrupt their threats and prosecute those responsible,” he said in a statement.
Rather than offer proxies that RSOCKS had leased, the botnet offered its clients access to IP addresses assigned to devices that had been hacked.
The cost for access to a pool of RSOCKS proxies ranged from $30 per day for access to 2,000 proxies to $200 per day for access to 90,000 proxies.
“This operation disrupted a highly sophisticated Russia-based cybercrime organisation that conducted cyber intrusions in the US and abroad,” said FBI Special Agent in Charge, Stacey Moy.
Once purchased, the customer could download a list of IP addresses and ports associated with one or more of the botnet’s backend servers.
The customer could then route malicious internet traffic through the compromised victim devices to mask or hide the true source of the traffic.
“It is believed that the users of this type of proxy service were conducting large scale attacks against authentication services, also known as credential stuffing, and anonymising themselves when accessing compromised social media accounts, or sending malicious email, such as phishing messages,” the DoJ explained.