
FBI and Dutch police seize and shut down botnet of hacked routers
On Wednesday, the websites of Anyproxy and 5Socks were replaced with notices stating they had been seized by the FBI as part of a law enforcement operation called 'Operation Moonlander.' The notice said the law enforcement action was carried out by the FBI, the Dutch National Police (Politie), the U.S. Attorney's Office for the Northern District of Oklahoma, and the U.S. Department of Justice.
Then on Friday, U.S. prosecutors announced the dismantling of the botnet and the indictment of three Russians, Alexey Viktorovich Chertkov, Kirill Vladimirovich Morozov, and Aleksandr Aleksandrovich Shishkin, and of Dmitriy Rubtsov, a Kazakhstan national. The four are accused of profiting from running Anyproxy and 5Socks, which they presented as legitimate proxy services but which prosecutors say were built on hacked routers.
Chertkov, Morozov, Rubtsov, and Shishkin, who all reside outside of the United States, targeted older models of wireless internet routers that had known vulnerabilities, compromising 'thousands' of such devices, according to the now-unsealed indictment.
When in control of those routers, the four individuals then sold access to the botnet on Anyproxy and 5Socks, services that have been active since 2004, according to their websites and the charging authorities.
Residential proxy networks are not illegal on their own; these offerings are often used to provide customers with IP addresses for accessing geoblocked content or bypassing government censorship. Anyproxy and 5Socks, however, allegedly built their network of proxies — some of them made of residential IP addresses — by infecting thousands of vulnerable internet-connected devices and effectively turning them into a botnet used by cybercriminals, according to the Department of Justice.
'In this way, the botnet subscribers' internet traffic appeared to come from the IP addresses assigned to the compromised devices rather than the IP addresses assigned to the devices that the subscribers were actually using to conduct their online activity,' read the indictment.
'Conspirators acting through 5Socks publicly marketed the Anyproxy botnet as a residential proxy service on social media and online discussion forums, including cybercriminal forums,' the indictment added. 'Such residential proxy services are particularly useful to criminal hackers to provide anonymity when committing cybercrimes; residential – as opposed to commercial – IP addresses are generally assumed by internet security services as much more likely to be legitimate traffic.'
According to the DOJ's press release, the four are believed to have made more than $46 million from selling access to the botnet.
The FBI, DOJ, and the Dutch National Police did not respond to requests for comment.
Ryan English, a researcher at Black Lotus Labs, told TechCrunch ahead of the domain seizures that the two services were used for several types of abuse, including password spraying, launching distributed denial-of-service (DDoS) attacks, and ad fraud.
On Friday, Black Lotus Labs, a team of researchers housed within cybersecurity firm Lumen, published a report saying they helped the authorities track the proxy networks. As Black Lotus explained in its report, the botnet was 'designed to offer anonymity for malicious actors online.'
English told TechCrunch that he and his colleagues are confident that Anyproxy and 5Socks are 'the same pool of proxies run by the same operators, just under a different name,' and that 'the bulk of the botnet were routers, all kinds of end-of-life make and models.'
According to the report and based on Lumen's global network visibility, the botnet had 'an average of about 1,000 weekly active proxies in over 80 countries.'
Spur, a company that tracks proxy services on the internet, also worked on the operation. Spur's co-founder Riley Kilmer told TechCrunch that while 5Socks is one of the smaller criminal networks the company tracks, the network had 'gained in popularity for financial fraud.'
