The U.S. Department of Justice (DOJ) seized a Russian-controlled proxy service known as RSOCKS. In a statement released on Thursday, the DOJ said the infrastructure of the large RSOCKS botnet had been completely dismantled. The Russian-operated botnet is responsible for hacking millions of computers and other connected electronic devices.
A message on the seized website states that it has been seized by the Federal Bureau of Investigation (FBI) under a seizure warrant obtained by multiple government security agencies. The DOJ’s efforts were actively supported by security agencies in Germany, the United Kingdom, and the Netherlands, as well as numerous private-sector companies.
Russian cybercriminals controlled this group of hacked internet-connected devices and sold access to them without the owners’ knowledge. The devices and their IP addresses were then used for malicious purposes such as large-scale attacks against authentication services (credential stuffing, in which stolen username and password pairs are tried in bulk). The botnet also let criminals anonymize themselves when accessing compromised social media accounts and conceal their origin when distributing phishing emails.
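The credential-stuffing use described above is what a defender has to spot in authentication logs, and a proxy botnet makes that harder: each login attempt can exit through a different residential address, so a rule that counts failures per source IP sees nothing unusual. The script below is an added example written for this article, not code from the page or from any agency or vendor it mentions. The log format, the addresses (RFC 5737 documentation ranges), the usernames and the thresholds are all constructed. It runs a per-source rule and an aggregate rule over the same constructed log, and the aggregate rule is what catches the distributed wave.

```python
"""Credential-stuffing detection over constructed authentication logs.

Added example, not code from the article or from any agency or vendor it
names; log format, addresses, usernames and thresholds are all constructed.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample (RFC 5737 documentation ranges): 203.0.113.0/24 are normal
# users, 198.51.100.7 is one concentrated attacker cycling usernames, and
# 192.0.2.0/24 is a wave of one-shot attempts each exiting a different
# residential-looking address, the shape proxy-botnet traffic takes.
SAMPLE_LOG = """\
2022-06-16T10:00:01Z login user=alice src=203.0.113.10 result=OK
2022-06-16T10:00:05Z login user=bob src=203.0.113.11 result=OK
2022-06-16T10:00:09Z login user=carol src=203.0.113.12 result=FAIL
2022-06-16T10:00:14Z login user=carol src=203.0.113.12 result=OK
2022-06-16T10:01:00Z login user=u01 src=198.51.100.7 result=FAIL
2022-06-16T10:01:01Z login user=u02 src=198.51.100.7 result=FAIL
2022-06-16T10:01:02Z login user=u03 src=198.51.100.7 result=FAIL
2022-06-16T10:01:03Z login user=u04 src=198.51.100.7 result=FAIL
2022-06-16T10:01:04Z login user=u05 src=198.51.100.7 result=FAIL
this line is malformed and must be skipped by the parser
2022-06-16T10:02:00Z login user=v01 src=192.0.2.1 result=FAIL
2022-06-16T10:02:01Z login user=v02 src=192.0.2.2 result=FAIL
2022-06-16T10:02:02Z login user=v03 src=192.0.2.3 result=FAIL
2022-06-16T10:02:03Z login user=v04 src=192.0.2.4 result=FAIL
2022-06-16T10:02:04Z login user=v05 src=192.0.2.5 result=FAIL
2022-06-16T10:02:05Z login user=v06 src=192.0.2.6 result=FAIL
2022-06-16T10:02:06Z login user=v07 src=192.0.2.7 result=OK
2022-06-16T10:02:07Z login user=v08 src=192.0.2.8 result=FAIL
2022-06-16T10:02:08Z login user=v09 src=192.0.2.9 result=FAIL
2022-06-16T10:02:09Z login user=v10 src=192.0.2.10 result=FAIL
2022-06-16T10:02:10Z login user=v11 src=192.0.2.11 result=FAIL
2022-06-16T10:02:11Z login user=v12 src=192.0.2.12 result=FAIL
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)

@dataclass(frozen=True)
class Attempt:
    ts: str
    user: str
    src: str
    ok: bool

def parse_log(text):
    """Parse log lines into Attempt records, skipping anything malformed."""
    attempts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # unparseable line: skip it rather than abort the run
        attempts.append(Attempt(m["ts"], m["user"], m["src"], m["result"] == "OK"))
    return attempts

def noisy_sources(attempts, min_users=5, min_fail_ratio=0.8):
    """Per-source rule: one address trying many usernames and almost always failing."""
    users, total, fails = defaultdict(set), Counter(), Counter()
    for a in attempts:
        users[a.src].add(a.user)
        total[a.src] += 1
        fails[a.src] += 0 if a.ok else 1
    return sorted(s for s in total
                  if len(users[s]) >= min_users and fails[s] / total[s] >= min_fail_ratio)

def distributed_stuffing(attempts, exclude=(), min_attempts=10,
                         min_fail_ratio=0.5, min_single_use_share=0.5):
    """Aggregate rule for traffic spread across many addresses.

    Proxy botnets defeat per-source thresholds because each address makes one
    or two attempts, so judge the residual traffic (already-flagged sources
    removed) as a whole: a high failure ratio where most failures come from
    addresses seen only once is the signature of a distributed stuffing run.
    """
    residual = [a for a in attempts if a.src not in set(exclude)]
    per_src = Counter(a.src for a in residual)
    failures = [a for a in residual if not a.ok]
    single_use_fails = sum(1 for a in failures if per_src[a.src] == 1)
    fail_ratio = len(failures) / len(residual) if residual else 0.0
    single_use_share = single_use_fails / len(failures) if failures else 0.0
    return {
        "attempts": len(residual),
        "failures": len(failures),
        "fail_ratio": fail_ratio,
        "single_use_fail_share": single_use_share,
        "flagged": (len(residual) >= min_attempts and fail_ratio >= min_fail_ratio
                    and single_use_share >= min_single_use_share),
    }

def analyze(text):
    """Run both rules; per-source hits are removed before the aggregate rule runs."""
    attempts = parse_log(text)
    noisy = noisy_sources(attempts)
    return {"noisy_sources": noisy,
            "distributed": distributed_stuffing(attempts, exclude=noisy)}
```

Calling `analyze(SAMPLE_LOG)` flags `198.51.100.7` under the per-source rule, while `noisy_sources` run on the `192.0.2.0/24` wave alone returns nothing, since each address attempted a single username. The aggregate view of the residual traffic (16 attempts, 12 failures, 11 of them from addresses seen exactly once) is what flags the distributed run; the thresholds are starting points to tune against a site's own baseline, not fixed values.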
RSOCKS’ Twitter account claims that the service has access to more than 8 million residential proxies and over a million mobile IP addresses spread across tens of countries.
Every internet-connected device in such a botnet has an Internet Protocol (IP) address, and any of the compromised devices was available for criminals to use however they wanted. According to the search warrant affidavit unsealed on Thursday last week, the RSOCKS botnet mainly targeted IoT devices such as routers, audio/video streaming devices, and smart garage door openers. Over time, however, the botnet extended its reach to Android devices and conventional computers.
Government agencies say that the seizure of the proxy server is only the first step in delivering justice to the victims, which include public and private entities, universities, hotels, TV studios, home businesses, individuals, and electronics manufacturers. The agencies will also work actively towards prosecuting the people responsible for operating RSOCKS. Sadly, no arrests have been announced yet, so the people behind RSOCKS remain at large and may already be working on another project.
RSOCKS is not the only botnet disrupted by the FBI. In April, the DOJ took down Cyclops Blink, a botnet backed by Russia’s GRU. Earlier this year, the DOJ also seized control of RaidForums, a marketplace popular among cybercriminals. Hydra Market, Russia’s largest darknet market, was also hit by U.S. and German cyber intelligence officers in 2022.
One of the best ways to ensure your connected devices are not part of a large hacker-controlled botnet is to always run them with the latest firmware. Additionally, leaving default login credentials on smart devices makes them vulnerable; on many occasions, default passwords are how hackers end up compromising smart devices. Setting up a separate WiFi network used only by IoT devices is also a good idea, as it isolates critical devices from possibly compromised IoT devices. Lastly, having reliable antivirus software installed on all connected devices is a must, as it adds another layer of security that, in most cases, ends up being a dealbreaker for cybercriminals.