A joint action of the application of international laws has closed two services accused of having provided a botnet of hacked devices connected to the Internet, including routers, cybercriminals. American prosecutors also charged four people accused of hacking the devices and managing the botnet.
Wednesday, the websites of Anyproxy and 5socks were replaced by opinions indicating that they had been seized by the FBI as part of an operation to apply the law called “Operation Moonlander”. The opinion said that the actions of the police were carried out by the FBI, the Dutch national police (Politia), the US prosecutor’s office for the North District of Oklahoma and the United States Ministry of Justice.
On Friday, American prosecutors announced the dismantling of the botnet and the indictment of three Russians: Alexey Viktorovich Cherletkov, Kirill Vladimirovich Morozov, Aleksandr Aleksandrovich Shishkin; And Dmitriy Rubtsov, a national from Kazakhstan. The four are accused of having taken advantage of the execution of any turpy and 5socks under the pretext of offering legitimate proxy services, but which, according to prosecutors, were built on hacked routers.
CHERTKOV, Morozov, RubtSoyv and Shishkin, who all live outside the United States, targeted older models of wireless internet routers that knew vulnerabilities, compromising “thousands” of these devices, according to the act of implementation now subscribed.
In control of these routers, the four individuals then sold access to the botnet on Anyproxy and 5socks, active services since 2004, according to their websites and the busy authorities.
Residential proxy networks are not illegal alone; These offers are often used to provide customers with IP addresses to access geoblooked content or bypassing government censorship. Anyproxy and 5socks, however, would have built their network of proxies – some of them made of residential IP addresses – by infecting thousands of vulnerable devices connected to the Internet and by effectively transforming them into a botnet used by cybercriminals, according to the Ministry of Justice.
“In this way, the Internet traffic by Botnet subscribers seemed to come from IP addresses attributed to compromised devices rather than the IP addresses attributed to the devices that subscribers really used to carry out their activity online,” read the indictment.
Techcrunch event
Berkeley, that
|
June 5
Book
“The conspirators acting via 5socks have publicly marketed the Anyproxy Botnet as a residential proxy service on social networks and online discussion forums, including cybercriminal forums,” added the indictment. “These residential proxy services are particularly useful for criminal hackers to provide anonymity during the validation of cybercrimes; Residential – as well as IP commercial addresses are generally supposed by Internet security services as much more likely to be legitimate traffic. ”
According to the DoJ press release, the four have earned more than $ 46 million by selling access to the botnet.
An FBI spokesperson had no comments when reached by Techcrunch. The Doj and the Dutch national police did not respond to requests for comments.
Ryan English, a researcher at Black Latus Labs, told Techcrunch before domain crises that the two services had been used for several types of abuse, including password spraying, the launch of attacks distributed by Deni de Service (DDOS) and advertising fraud.
Friday, Black Lotus Labs, a team of researchers accommodated in the Lumen cybersecurity company, published a report indicating that they have helped the authorities to follow the proxy networks. As Black Lotus explained it in its report, the botnet was “designed to provide anonymity to malicious online actors”.
The Englishman told Techcrunch that he and his colleagues are convinced that Anyproxy and 5socks are “the same pool of proxies managed by the same operators, just under a different name” and that “most of the botnet was routers, all kinds of creation and end -of -life models”.
According to the report and on the basis of the visibility of the global Lumen network, the botnet had “an average of around 1,000 weekly active indicators in more than 80 countries”.
Spur, a company that follows proxy services on the Internet, also worked on the operation. The co-founder of Spur, Riley Kilmer, told Techcrunch that even if 5socks is one of the smallest criminal networks that the company follows, the network had “gained popularity for financial fraud”.
This story has been updated to include the non-command of the FBI.
