FBI takes Russian botnet offline with help from the Netherlands

The FBI, in collaboration with law enforcement agencies from Germany, the United Kingdom and the Netherlands, has taken down a large Russian botnet. The botnet, known as RSOCKS, had infected millions of devices worldwide. In addition to devices belonging to private individuals, computers and IoT devices of a university, a hotel and a television studio were also compromised.

So writes the US Department of Justice in a press release.

This is what you need to know about a botnet

A botnet is a network of infected computers or other (mobile) devices. An infected device is also called a zombie; the person who controls the network is the botmaster. Owners often do not realize that their hardware is part of a botnet. The botmaster uses the infected devices to, for example, carry out a Distributed Denial of Service (DDoS) attack, which overwhelms servers and websites by bombarding them with huge numbers of connection requests until they can no longer serve legitimate users.

Besides DDoS attacks, a botnet can also be used to flood internet users with spam. The perpetrators control the bots through so-called Command & Control servers (C&C servers). These servers are the nerve centre from which the operators issue instructions, receive stolen data and send spam. Spam that tries to trick unsuspecting recipients into handing over as much personal information as possible is known as phishing.

Hacking accounts via brute-force attacks

The RSOCKS botmaster initially focused on Internet of Things (IoT) devices: products that are connected to the internet and communicate with other devices over it. Think of routers, streaming devices for video and music, smart cameras and industrial control systems. Each of these devices has its own IP address, which is exactly what made them valuable to the botmaster.

Gradually, the botmaster expanded the network to include Android devices and conventional computers. At its peak, RSOCKS consisted of millions of infected devices. This network was used for brute-force attacks. In a brute-force attack, cybercriminals try to break into accounts by submitting large numbers of username and password combinations until one matches.

RSOCKS hid cybercriminals' IP addresses

Once part of the RSOCKS botnet, compromised devices were used as a proxy service. A proxy lets a client hide its own IP address: it forwards the client's traffic on its behalf, so the destination only ever sees the proxy's address and location. In effect, the proxy acts as an intermediate station between the client and the internet that masks the client's identity and location from the outside world.

In the case of RSOCKS, the victims were unaware that their equipment was relaying other people's internet traffic through their IP address. For a fee, hackers and cybercriminals could use the infected devices as a proxy service, renting them by the day, the week or the month. Access to 2,000 proxies cost just $30 a day; for $200 a day, a customer could rent access to 90,000 proxies.

‘Sophisticated criminal organization disrupted’

After purchase, the customer could download a list of IP addresses and ports associated with one or more of the botnet's backend servers. Through these, users routed their (mostly malicious) internet traffic via the infected devices of unsuspecting victims to mask their own identity and location. According to the US Department of Justice, buyers used RSOCKS proxies to mount large-scale attacks on authentication services and to send phishing messages.
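The following Python example is added here to illustrate the defender's side of the brute-force and authentication attacks described above; it is not part of the article or of the DOJ material. It shows why password guessing routed through thousands of rented proxies slips past the per-IP rate limit most login systems rely on, and how a per-account view of the same log catches it. The log format, field names, IP addresses (all from documentation ranges) and thresholds are assumptions constructed for the example.

```python
"""Spot password guessing spread across rotating proxies in auth logs.

Added example, not code from the article or from any real system. The
syslog-like line format, the sample lines, the addresses and the
thresholds are all assumptions chosen for illustration.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample log (assumed format, not from a real system).
# alice: 8 failures from 8 different addresses, one attempt each, within 70 s,
#        which is what guessing through a pool of rented proxies looks like.
# carol: 6 failures from a single address within 30 s (classic brute force).
# bob:   one ordinary successful login.
SAMPLE_LOG = """\
2022-06-16T10:00:01Z src=198.51.100.7 user=alice result=FAIL
2022-06-16T10:00:09Z src=203.0.113.22 user=alice result=FAIL
2022-06-16T10:00:10Z src=192.0.2.41 user=carol result=FAIL
2022-06-16T10:00:15Z src=192.0.2.41 user=carol result=FAIL
2022-06-16T10:00:18Z src=198.51.100.90 user=alice result=FAIL
2022-06-16T10:00:20Z src=192.0.2.41 user=carol result=FAIL
2022-06-16T10:00:25Z src=192.0.2.41 user=carol result=FAIL
2022-06-16T10:00:27Z src=203.0.113.5 user=alice result=FAIL
2022-06-16T10:00:30Z src=192.0.2.41 user=carol result=FAIL
2022-06-16T10:00:36Z src=198.51.100.133 user=alice result=FAIL
2022-06-16T10:00:40Z src=192.0.2.41 user=carol result=FAIL
2022-06-16T10:00:45Z src=203.0.113.77 user=alice result=FAIL
2022-06-16T10:00:52Z src=198.51.100.201 user=alice result=FAIL
2022-06-16T10:01:00Z src=192.0.2.200 user=bob result=OK
2022-06-16T10:01:11Z src=203.0.113.140 user=alice result=FAIL
"""


def parse_log(text):
    """Parse log lines into (timestamp, ip, user, result) tuples, sorted by time.
    Malformed lines are skipped rather than aborting the run."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["ip"], m["user"], m["result"]))
    events.sort()
    return events


def single_source_bruteforce(events, window=timedelta(minutes=5), threshold=5):
    """Classic per-IP rule: flag an address with >= threshold failed logins
    inside one sliding window. Returns {ip: max failures seen in a window}."""
    fails = defaultdict(list)
    for ts, ip, _user, result in events:
        if result == "FAIL":
            fails[ip].append(ts)
    flagged = {}
    for ip, times in fails.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged


def distributed_bruteforce(events, window=timedelta(minutes=5),
                           min_ips=5, max_avg_per_ip=2.0):
    """Proxy-rotation rule: flag an account whose failed logins inside one
    window come from >= min_ips distinct addresses while averaging no more
    than max_avg_per_ip attempts per address. Each address stays far below
    any per-IP threshold, so only the per-account view exposes the campaign.
    Returns {user: {"distinct_ips": n, "attempts": m}} for the widest window."""
    fails = defaultdict(list)  # user -> [(ts, ip), ...] in time order
    for ts, ip, user, result in events:
        if result == "FAIL":
            fails[user].append((ts, ip))
    flagged = {}
    for user, attempts in fails.items():
        in_window = Counter()  # ip -> failures currently inside the window
        start = 0
        for end, (ts, ip) in enumerate(attempts):
            in_window[ip] += 1
            while ts - attempts[start][0] > window:
                old_ip = attempts[start][1]
                in_window[old_ip] -= 1
                if in_window[old_ip] == 0:
                    del in_window[old_ip]
                start += 1
            total = sum(in_window.values())
            if len(in_window) >= min_ips and total / len(in_window) <= max_avg_per_ip:
                prev = flagged.get(user)
                if prev is None or len(in_window) > prev["distinct_ips"]:
                    flagged[user] = {"distinct_ips": len(in_window), "attempts": total}
    return flagged


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("per-IP rule flags:      ", single_source_bruteforce(evts))
    print("per-account rule flags: ", distributed_bruteforce(evts))
```

On the sample data the per-IP rule flags only carol's attacker (one address, six attempts), while every address aimed at alice made a single attempt and passes untouched; the per-account rule flags alice with eight distinct sources. The thresholds here are placeholders: in production they should be tuned against the normal spread of addresses per account (travelling users, mobile carriers behind CGNAT), and the two rules are complementary rather than alternatives.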

The website where the proxies were offered for sale has been taken offline. In addition to the FBI, law enforcement agencies from Germany, the United Kingdom and the Netherlands assisted in the operation. "This operation disrupted a highly sophisticated Russian-based criminal organization that carried out cyber intrusions in the United States and beyond," explained an FBI agent.
