After hacking millions of devices, DoJ operation shuts down RSocks botnet

The big picture: The U.S. Department of Justice (DoJ) recently disclosed a worldwide effort to dismantle the infrastructure of RSOCKS, a large Russian-based botnet marketed as a proxy service. The DoJ worked with law enforcement in the U.K., Germany, and the Netherlands in a coordinated effort to disrupt the organization's operations. The botnet, which sold access to the IP addresses of hacked devices through its proxy service, included millions of devices around the world, from garage door openers to industrial control systems. The seizure is the result of investigations dating back to 2017.

The RSOCKS botnet originally targeted IoT devices such as industrial control systems, clocks, and streaming devices. As it grew, it expanded to include standard desktop, laptop, and Android-based devices. The IP addresses of these devices were collected, stored, and rented to anyone willing to pay the asking price through a web-based storefront. Customers were charged anywhere from $30 per day for access to 2,000 proxies up to $200 per day for 90,000 proxies.

Once a purchase was made, the buyer could download a list of IP addresses and route malicious traffic through the legitimate devices behind them, hiding the traffic's true point of origin. The site has since been seized by the DoJ and now displays a seizure notice with a link to additional information.

The Federal Bureau of Investigation (FBI) began investigating RSOCKS and made several undercover purchases in early 2017. The purchases gave investigators access to the RSOCKS botnet and led them to identify 325,000 devices that had been compromised via brute-force (password-guessing) attacks. The victims included large entities such as a university, a hotel, a television station, and an electronics manufacturer, as well as numerous small businesses and individuals. Several of the identified victims were contacted and later worked with federal investigators to replace their compromised devices with honeypots to further the investigation.
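A defender's view of the compromise vector described above: the following is an added example, not code from the article or from the DoJ investigation. It scans syslog-style sshd lines for the password-guessing bursts that precede this kind of device takeover and flags any source that logs in successfully after such a burst, which is the point at which a device becomes a candidate proxy node. The log lines are constructed for the demonstration, and the sshd message format, the five-failures-in-60-seconds threshold and the log year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log (not real RSOCKS data): one source hammers the
# device with common usernames and eventually guesses "admin"; a second
# source has two spaced-out typos from a legitimate user.
SAMPLE_LOG = """\
Jun 16 10:00:01 cam01 sshd[812]: Failed password for root from 198.51.100.7 port 51122 ssh2
Jun 16 10:00:03 cam01 sshd[812]: Failed password for admin from 198.51.100.7 port 51130 ssh2
Jun 16 10:00:04 cam01 sshd[812]: Failed password for admin from 198.51.100.7 port 51131 ssh2
Jun 16 10:00:06 cam01 sshd[812]: Failed password for invalid user pi from 198.51.100.7 port 51140 ssh2
Jun 16 10:00:07 cam01 sshd[812]: Failed password for root from 198.51.100.7 port 51141 ssh2
Jun 16 10:00:09 cam01 sshd[812]: Accepted password for admin from 198.51.100.7 port 51150 ssh2
Jun 16 10:01:12 cam01 sshd[813]: Failed password for alice from 203.0.113.5 port 40001 ssh2
Jun 16 10:09:40 cam01 sshd[814]: Failed password for alice from 203.0.113.5 port 40002 ssh2
Jun 16 10:20:00 cam01 sshd[815]: Accepted publickey for alice from 203.0.113.5 port 40003 ssh2
"""

# Assumed OpenSSH auth message layout; syslog timestamps carry no year.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

def parse(lines, year=2022):
    """Yield (timestamp, result, user, ip) for each recognised auth line."""
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["result"], m["user"], m["ip"]

def detect_bruteforce(log_text, threshold=5, window_s=60):
    """Flag source IPs with >= threshold failed logins inside a sliding
    window of window_s seconds. A later successful login from a flagged
    source is recorded as success_after: the credential was guessed and
    the device should be treated as compromised."""
    recent = defaultdict(deque)      # ip -> failure timestamps still inside the window
    users_tried = defaultdict(set)   # ip -> every username that source tried
    flagged = {}
    for ts, result, user, ip in parse(log_text.splitlines()):
        if result == "Failed":
            q = recent[ip]
            q.append(ts)
            users_tried[ip].add(user)
            # evict failures that fell out of the window
            while (ts - q[0]).total_seconds() > window_s:
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged[ip] = {"first_seen": q[0], "success_after": False}
        elif result == "Accepted" and ip in flagged:
            flagged[ip]["success_after"] = True
            flagged[ip]["user"] = user
    for ip, entry in flagged.items():
        entry["users"] = sorted(users_tried[ip])
    return flagged

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        verdict = "COMPROMISED" if info["success_after"] else "attempted"
        print(f"{ip}: {verdict}, users tried={info['users']}")
```

On the sample, 198.51.100.7 is flagged on its fifth failure within six seconds and then marked compromised by the accepted password for admin two seconds later; 203.0.113.5 never reaches the threshold at the default settings, which is the point of using a window rather than a lifetime count.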

Botnets are large pools of infected devices used to carry out attacks against legitimate targets. Infected devices, also called zombies, give the attacker the ability to read and write data, harvest personal information, monitor activity, probe for additional vulnerabilities, and install and run other software on the device, all without the owner's consent. The infected devices can also be used to relay malicious traffic while hiding its true origin.

The FBI continues to actively identify, investigate, and counter cyber threats in partnership with law enforcement agencies around the world. Victims of cybercrime are encouraged to report incidents through the Internet Crime Complaint Center (IC3). The site provides tools to file a complaint as well as guidance on who should file, what to include, and what happens after a complaint is filed.

Image credit: Global network by royyimzy25414



Avro Arrow

Posts: 3,340   +4,341
If your home security system (or garage door opener) is web-based, you're just BEGGING for trouble. That's something I would never do because I know how easy it is to circumvent. Vital things like that shouldn't be accessible from the internet.

Every time I see things like "Internet hackers take down oil pipeline" I'm forced to ask myself "Why the HELL would that be on the internet?". I'm just glad that they're smarter with things like nuclear codes (although the smartest thing would be to not have nukes to begin with).


Posts: 1,277   +1,556
Most of this problem is created by fools with compromised systems. They are as much of the problem as the haxors.


Posts: 182   +102
You want to take another crack at that headline? How about:
'After hacking millions of devices, RSocks botnet has been shut down by DoJ'
BTW, how long do you think it'll be before they get back in business?
Unfortunately, organized cybercrime perpetrators in foreign countries are essentially immune to legal action!
How many pirating sites have been put out of business? And yet, there isn't a copyrighted anything that hasn't been pirated and is readily available online!

Ben Myers

Posts: 221   +86
"After hacking millions of devices, DoJ operation shuts down RSocks botnet"

Some headline!!! So the DOJ has hacked millions of devices? Parse the grammar! "After hacking millions of devices," applies to? Yes, the DOJ!