The big picture: The US Department of Justice (DoJ) recently revealed a global effort to take down the infrastructure of RSOCKS, a large Russia-based botnet disguised as a proxy service. The DoJ worked with law enforcement in the UK, Germany and the Netherlands in a coordinated effort to disrupt the organization’s operations. The botnet, which sold the IP addresses of hacked devices to users of its proxy service, included millions of devices worldwide, ranging from garage door openers to IoT devices. The seizure is the result of investigations dating back to 2017.
The RSOCKS botnet originally targeted IoT devices such as industrial control systems, clocks, streaming devices, etc. As the botnet grew, it expanded to include desktops, laptops, and standard Android devices. The IP addresses of these devices were collected, stored, and sold through a web storefront to any hacker willing to pay the asking price. Through this storefront, RSOCKS customers were charged $30 to $200 per day for access to 2,000 and 90,000 proxies, respectively.
Once purchased, customers were given the ability to download a list of IP addresses used to route malicious traffic through the compromised devices, allowing them to mask the true point of origin of the traffic. The site has since been seized by the DoJ and is now redirecting users to the following post and link for more information.
The Federal Bureau of Investigation (FBI) began investigating RSOCKS and made several undercover purchases in early 2017. The purchases gave investigators access to the RSOCKS botnet, leading them to identify 325,000 compromised devices, which had been taken over through brute force attacks. Affected devices included large entities such as a university, hotel, television station, and electronics manufacturer as well as numerous small businesses and individuals. Several identified victims were contacted and subsequently worked with federal investigators to replace their compromised devices with honeypots to further aid investigative efforts.
Botnets are large pools of infected devices used to perform a number of attacks against legitimate targets. Infected devices, also known as zombies, allow hackers to read and write data, obtain personal data, monitor activity, scan for additional vulnerabilities, and install and run other applications on the device, all without the consent of the owner. Infected devices can also be used to distribute malicious traffic while obscuring the information’s true point of origin.
The FBI continues to actively identify, investigate, and counter cyber threats by partnering with law enforcement agencies around the world. Any victim of cybercrime is encouraged to contact and report cyber incidents through the Internet Crime Complaint Center (IC3). The site provides affected parties with the tools to file a complaint as well as information to help determine who should file, what should be filed and what happens once a complaint is filed.
Image credit: Global network by royyimzy25414