After hacking millions of devices, DoJ operation shuts down RSocks botnet

The big picture: The U.S. Department of Justice (DoJ) recently disclosed a worldwide effort to dismantle the infrastructure of RSOCKS, a large Russian-based botnet disguised as a proxy service. The DoJ worked with law enforcement from the U.K., Germany, and the Netherlands in the coordinated effort to disrupt the organization's operations. The botnet, which sold the IPs of hacked devices to users of its proxy service, included millions of devices around the world ranging from garage door openers to IoT devices. The seizure is the result of investigations dating back to 2017.


The RSOCKS botnet originally targeted IoT devices such as industrial control systems, clocks, streaming devices, etc. As the botnet grew, it expanded to include standard desktop, laptop, and Android-based devices. IPs from these devices were collected, stored, and sold to any hacker willing to pay the asking price via a Web-based storefront. Through this storefront, buyers were charged anywhere from $30 to $200 per day for access to 2,000 to 90,000 proxies, respectively.


Once purchased, the hackers were given the opportunity to download a list of IP addresses used to route malicious traffic across legitimate devices, allowing them to hide the traffic's true origination point. The site has since been seized by the DoJ and now redirects users to the following message and link for additional information.



The Federal Bureau of Investigation (FBI) began investigating RSOCKS and conducted several undercover purchases in early 2017. The purchases provided the investigators with access to the RSOCKS botnet, leading them to identify 325,000 devices that were compromised via brute ..
