The US, Germany and the Netherlands have torn down a Russian botnet that hacked millions of computers around the world. The FBI has announced the disruption of a highly sophisticated Russia-based cybercrime organization that conducted cyber intrusions in America and abroad. The special agents leading this investigation are thankful to those who helped them identify these criminals, track down their activity, and bring charges against them.
What Do the Authorities Think?
The RSOCKS botnet initially went after IoT devices, including industrial control systems and time clocks. The DOJ reports that the malware has since expanded to target Android phones as well as conventional computers.
“A legitimate proxy service provides IP addresses to its clients for a fee. Typically, the proxy service provides access to IP addresses that it leases from internet service providers (ISPs). Rather than offer proxies that RSOCKS had leased, the RSOCKS botnet offered its clients access to IP addresses assigned to devices that had been hacked,” DOJ explained.
Cyber Crime: What have we lost?
Cybercriminals had a pool of RSOCKS proxies at their disposal, with access priced by pool size: from $30 per day for 2,000 proxies up to an unlimited number, depending on how much the buyer was willing to pay.
To gain access to the botnet, the FBI took an innovative approach: agents made undercover purchases of proxy access. Those purchases enabled them not only to identify roughly 325,000 compromised devices worldwide but also to locate many of them within San Diego County.
“Several large public and private entities have been victims of the RSOCKS botnet, including a university, a hotel, a television studio, and an electronics manufacturer, as well as home businesses and individuals,” DOJ said.
The Next Step?
The Department of Justice announced today that it has arrested several people for using a secretive proxy service to conduct large-scale attacks against authentication services, also known as credential stuffing. Users of the service would often anonymize themselves through it when accessing compromised social media accounts or sending malicious email, such as phishing messages, from the IP addresses of the hacked devices.
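As an added example (not part of the article and not code from the FBI, DOJ or any RSOCKS investigation), the Python below shows why a proxy pool built from hacked devices defeats a plain per-IP login rate limit, and how a per-account view still catches the credential stuffing the DOJ describes. The log format, field names, thresholds and sample entries are constructed for illustration and are not real data.

```python
"""Detect credential stuffing that hides behind a rotating proxy pool.

Added example, not from the article or any DOJ/FBI material. The log format
("timestamp source_ip username result"), thresholds and sample lines are
assumptions chosen for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). Six attacker IPs each make only two
# attempts, so no single IP looks noisy, but each of four target accounts is
# hit from three different IPs within seconds. 'eve' and 'frank' are benign.
SAMPLE_LOG = """\
2022-06-16T10:00:01Z 203.0.113.10 alice FAIL
2022-06-16T10:00:03Z 203.0.113.11 alice FAIL
2022-06-16T10:00:05Z 203.0.113.12 alice FAIL
2022-06-16T10:00:07Z 203.0.113.13 bob FAIL
2022-06-16T10:00:09Z 203.0.113.14 bob FAIL
2022-06-16T10:00:11Z 203.0.113.15 bob FAIL
2022-06-16T10:00:13Z 203.0.113.10 carol FAIL
2022-06-16T10:00:15Z 203.0.113.11 carol FAIL
2022-06-16T10:00:17Z 203.0.113.12 carol FAIL
2022-06-16T10:00:19Z 203.0.113.13 dave FAIL
2022-06-16T10:00:21Z 203.0.113.14 dave FAIL
2022-06-16T10:00:23Z 203.0.113.15 dave OK
2022-06-16T10:01:00Z 192.0.2.5 eve OK
2022-06-16T10:01:30Z 192.0.2.6 frank FAIL
2022-06-16T10:01:45Z 192.0.2.6 frank OK
"""


def parse_log(text):
    """Parse the assumed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "ip": ip,
            "user": user,
            "ok": result == "OK",
        })
    return events


def naive_per_ip_alerts(events, max_failures=5):
    """Classic per-source-IP rate limit: returns IPs with more than
    max_failures failed logins. A proxy pool keeps every IP under this."""
    fails = defaultdict(int)
    for e in events:
        if not e["ok"]:
            fails[e["ip"]] += 1
    return sorted(ip for ip, n in fails.items() if n > max_failures)


def distributed_stuffing_alerts(events, window=timedelta(minutes=10),
                                min_ips=3, min_failures=2):
    """Per-account view: flag an account whose login attempts inside one
    time window come from at least min_ips distinct IPs and include at
    least min_failures failures. 'takeover' is set when a success follows
    a failure inside that window, i.e. a guessed credential worked."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_user[e["user"]].append(e)

    alerts = {}
    for user, evs in by_user.items():
        # Slide the window start across this account's attempts.
        for i, start in enumerate(evs):
            span = [e for e in evs[i:] if e["ts"] - start["ts"] <= window]
            ips = sorted({e["ip"] for e in span})
            failures = sum(1 for e in span if not e["ok"])
            if len(ips) >= min_ips and failures >= min_failures:
                failed_seen, takeover = False, False
                for e in span:
                    if not e["ok"]:
                        failed_seen = True
                    elif failed_seen:
                        takeover = True
                alerts[user] = {"ips": ips, "failures": failures,
                                "takeover": takeover}
                break  # one alert per account is enough
    return alerts


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("per-IP alerts:", naive_per_ip_alerts(evs))
    for user, info in distributed_stuffing_alerts(evs).items():
        print(user, info)
```

On the constructed sample the per-IP check raises nothing, because each hacked-device IP is used only twice, while the per-account check flags all four targeted accounts and marks `dave` as a likely takeover since a success followed the failures from a third IP. In production the same idea is usually paired with a fleet-wide signal (distinct source IPs per failed login across all accounts) so that campaigns spread over thousands of proxies, as RSOCKS sold, are visible even when each account sees only one or two attempts.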