After hacking millions of devices, DoJ operation shuts down RSOCKS botnet

The U.S. Department of Justice (DoJ) recently disclosed a worldwide effort to dismantle the infrastructure of RSOCKS, a large Russian-based botnet disguised as a proxy service. The DoJ worked with law enforcement from the U.K., Germany, and the Netherlands in the coordinated effort to disrupt the organization’s operations. The botnet, which sold the IPs of hacked devices to users of its proxy service, included millions of devices around the world ranging from garage door openers to IoT devices. The seizure is the result of investigations dating back to 2017.

The RSOCKS botnet originally targeted IoT devices such as industrial control systems, clocks, streaming devices, etc. As the botnet grew, it expanded to include standard desktop, laptop, and Android-based devices. IPs from these devices were collected, stored, and sold to any hacker willing to pay the asking price via a Web-based storefront. Through this storefront, RSOCKS customers were charged anywhere from $30 per day for access to 2,000 proxies on the low end to $200 per day for access to 90,000 proxies.

After purchase, the hackers could download a list of IP addresses through which to route malicious traffic across legitimate devices, allowing them to hide the traffic’s true point of origin. The site has since been seized by the DoJ and now redirects users to a message and link for additional information.

The FBI continues to actively identify, investigate, and counter cyber threats by partnering with enforcement agencies around the world. Any victims of cybercrime are encouraged to report cyber incidents through the Internet Crime Complaint Center (IC3). The site provides impacted parties with the tools to file a complaint as well as information to help determine who should file, what should be filed, and what happens once a complaint is filed.