The FBI, along with enforcement agencies in Germany, the United Kingdom and the Netherlands, has removed a major Russian botnet. The botnet, also known as RSOCKS, has affected millions of devices worldwide. In addition to private individuals, computers and IoT applications from a university, hotel and television studio were also hacked.
The US Department of Justice writes A press release⁇
This is what you need to know about botnet
A botnet is a network of infected computers or other (mobile) devices. The affected device is also called a Zombie The so-called, network administrator a Bone MasterOwners often do not realize that their hardware is part of a botnet. For example, the administrator uses infected devices Denial of service Or do a DDoS attack. It closes servers and websites with a large number of connection requests.
In addition to the DDoS attack, the botnet can also be used to send spam messages to Internet users. For this, criminals use Command and control servers (C&C servers). These servers are the nerve center or headquarters from which hackers receive stolen data and send spam. Through spam news, fraudsters are undoubtedly trying to get as much personal information as possible from the victims. This type of cybercrime is also known as phishing.
Hacking accounts with vicious attacks
RSOCKS Podmaster focuses primarily on devices with Internet of Things (IoT) applications. These are products that are connected to the Internet and interact with other devices in this way. Think of routers, devices for streaming videos and music, smart cameras and control systems used in business. These devices have nothing to do with having their own IP address.
Gradually, the botnet administrator expanded its network to include Android devices and traditional computers. At one point, RSOCKS contained millions of infected devices. Through this, the Boat Master hosted various shows Brutal attacks From. In a vicious attack, cyber criminals try to hack accounts by entering unlimited usernames and password combinations.
RSOCKS hid IP address from cybercriminals
Once part of the RSOCKS botnet, compromised devices were used as a proxy service. You can hide your own IP address with a proxy and browse the Internet anonymously. In fact, a proxy acts as an intermediary between you and the Internet to hide your identity and location from the outside world.
According to RSOCKS, victims were unaware that their equipment was being used to divert Internet traffic through their IP address. For a fee, hackers and cybercriminals can use infected devices as a proxy service. Customers can rent these proxies for a day, a week or a month. RSOCKS proxies cost $ 30 a day, giving you access to 2,000 proxies. For $ 200 a day, malicious parties can escape with 90,000 proxies.
‘Modern criminal system is in disarray’
After purchase, the customer is able to download a list of IP addresses and ports associated with one or more botnet backend servers. In this way, users were able to hide or disguise their (often malicious) cyber traffic through the victim’s infected devices. According to the U.S. Justice Department, buyers tried to attack authentication services and send phishing messages through RSOCKS proxies.
The website provided for the sale of proxies is taken offline. In addition to the FBI, law enforcement agencies in Germany, the United Kingdom and the Netherlands also assisted. “The move disrupted the most sophisticated Russian-based criminal organization that carried out cyber-infiltrations in the United States and beyond,” an FBI agent explained.
“Web specialist. Pop culture buff. Thinker. Foodaholic. Travel maven. Avid coffee junkie. Amateur tv advocate.”