The U.S. Department of Justice (DOJ) announced on Thursday that it has shut down a botnet run by Russian cybercriminals. The DoJ said it dismantled the botnet, known as “RSOCKS,” with the help of its law enforcement partners in Germany, the Netherlands, and the United Kingdom.
The Federal Bureau of Investigation (FBI) conducted covert operations to gather intelligence on the cyber campaign, and help authorities take down the network.
The RSOCKS botnet was made up of millions of hacked devices around the world. The compromised devices include industrial control systems, routers, streaming devices, smart garage door openers, as well as Android devices and computers.
What Is a Botnet?
A botnet refers to a cluster of hacked devices operated by a cybercriminal or malicious group. Any device that can connect to the internet is a potential botnet target. This includes Internet of Things (IoT) devices, smartphones, and computers.
Cybercriminals use the network of devices in a botnet to carry out nefarious schemes, such as DDoS attacks, or to spread spam or malicious links. The owners of compromised devices are usually unaware that their devices have been commandeered and stitched into an illegal network.
Cybercriminals Profited From Hacked Devices
Every internet-connected device has an IP address. Cybercriminals often seek access to a botnet to route their internet traffic through the IP addresses of hacked devices to avoid detection.
The operators of the RSOCKS botnet ran a marketplace where other cybercriminals could lease the IP addresses of devices on the network. The fee they charged for this service ranged from “$30 per day for access to 2,000 proxies to $200 per day for access to 90,000 proxies.”
“It is believed that the users of this type of proxy service were conducting large scale attacks against authentication services, also known as credential stuffing, and anonymizing themselves when accessing compromised social media accounts, or sending malicious email, such as phishing messages,” the DOJ said in its statement.
Undercover Operation to Shut Down RSOCKS
The FBI conducted undercover operations to take down this massive cybercrime network. FBI investigators posed as cybercriminals and paid the operators of the RSOCKS botnet for access to get an idea of the “backend infrastructure and its victims.” The latter included several large public and private organizations, small businesses, and individuals, the DoJ said.
In 2017, the FBI identified 325,000 hacked devices in the RSOCKS network. The agency also learned that the operators of the botnet took over target devices through brute force attacks. The botnet’s backend servers “maintained a persistent connection to the compromised device.” the DoJ’s statement said.
The FBI worked with three victim locations, replacing the hacked devices with devices controlled by investigators, to learn more about the botnet.
“Cyber criminals will not escape justice regardless of where they operate. Working with public and private partners around the globe, we will relentlessly pursue them while using all the tools at our disposal to disrupt their threats and prosecute those responsible,” U.S. Attorney Randy Grossman said.
Global Efforts Against Botnets
Botnet networks are usually made up of devices from all around the world. Countries have recognized this issue and often carry out coordinated campaigns to dismantle such networks.
Last year, a global operation called Operation Ladybird took down the Emotet botnet. Authorities from the Netherlands, Germany, France, the UK, Ukraine, the U.S., Canada, and Lithuania collaborated on the operation.
Apart from governments, major industry players have also taken proactive measures against high-profile botnets. In August 2021, Google announced that it had taken steps to disrupt the Gluteba botnet, which targeted Windows devices. In 2020, Microsoft worked with its partners to take down Necurs, the world’s largest malware botnet at the time.
The FBI highlighted the significance of the international effort against the RSOCKS botnet in the context of its broader cybersecurity efforts.
“This operation disrupted a highly sophisticated Russia-based cybercrime organization that conducted cyber intrusions in the United States and abroad,” FBI Special Agent in Charge Stacey Moy said
“Our fight against cybercriminal platforms is a critical component in ensuring cybersecurity and safety in the United States. The actions we are announcing today are a testament to the FBI’s ongoing commitment to pursuing foreign threat actors in collaboration with our international and private sector partners,” Moy added.
Check out our detailed guide to botnets to learn more about these illegal networks, and what you can do to protect yourself.