Russian botnet infected millions of devices worldwide, including San Diego

A Russia-based cybercrime organization that broke into millions of electronic devices around the world and sold their identities on the Internet for use by other criminals has been shut down in a joint law enforcement operation spanning the U.S., Europe and the United Kingdom, the U.S. Attorney’s Office in San Diego said Thursday.

The target of the investigation, a botnet known as RSOCKS, was dismantled as a result, the office said.

The confirmed victims so far, including at least six in San Diego County, range from large public and private entities – such as a university, a hotel, a television studio and an electronics maker – to home businesses and individuals, according to researchers. No one was publicly identified.

Authorities have not announced any arrests or named individual suspects linked to the operation. However, details of the investigation, which began in 2016, are laid out in a search warrant affidavit that was unsealed in federal court in San Diego on Thursday.

The botnet – a network of infected devices or “bots” that work together, usually for malicious purposes – compromised everything from smart garage door openers to routers, audio/video streaming devices, Android phones and computers. RSOCKS then took each device’s unique Internet Protocol (IP) address and passed it on to other cybercriminals, who used the addresses to hide their own nefarious activities, according to investigators.

From RSOCKS’ online storefronts – which served English and Chinese speakers on different websites – cybercriminals could rent access to stolen IP addresses for days, weeks or months at a time. A pool of 2,000 proxies could cost a criminal user $30 a day, or $200 a day for 90,000, according to the search warrant.

With their digital fingerprints now disguised, these criminals carried out a range of cyberattacks – from large-scale attempts to access accounts using stolen usernames and passwords, to sending malicious emails, to hacking social media accounts, according to investigators.

The true extent of the criminal activity the botnet unleashed on the world through access to its trove of stolen IP addresses is unknown. Authorities on Thursday provided no specific example of RSOCKS-linked cybercrime.

Undercover FBI agents gained access to the RSOCKS system in 2017, when it was advertising to its clients some 325,000 stolen proxies available worldwide, according to the search warrant. Within weeks, agents had identified at least 75,000 unique victim devices, with “many” located in San Diego County and other parts of Southern California.

Agents interviewed 12 victims. Two of the victims told investigators that their ISPs had previously reported botnet activity on their IP addresses. Many told the agents that they noticed performance problems with their devices, but could not understand why.

Three victims worked with the FBI, allowing agents to replace their compromised devices with computers under the agents’ control that could monitor the botnet. RSOCKS quickly infected all three, the researchers said.

Agents were able to determine that RSOCKS used brute force attacks – a trial-and-error method that uses automated software to guess passwords and other user data – to gain initial access to victims’ devices. The botnet then maintained a persistent connection to the devices.
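The brute force initial access described above leaves a characteristic trace on the victim side: a burst of failed logins from one source address, often cycling through several usernames, sometimes followed by a success. The following is an added example, not part of the article and not connected to the RSOCKS investigation, showing how a defender might flag that pattern in authentication logs. The log lines are constructed for the example in the common OpenSSH syslog format; the threshold and time window are assumed values a site would tune to its own traffic.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines for this example only; the addresses are
# documentation ranges (RFC 5737) and do not refer to any real host.
SAMPLE_LOG = """\
Jun 16 10:00:01 gw sshd[1201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jun 16 10:00:02 gw sshd[1202]: Failed password for admin from 203.0.113.7 port 51023 ssh2
Jun 16 10:00:03 gw sshd[1203]: Failed password for invalid user pi from 203.0.113.7 port 51024 ssh2
Jun 16 10:00:04 gw sshd[1204]: Failed password for root from 203.0.113.7 port 51025 ssh2
Jun 16 10:00:05 gw sshd[1205]: Failed password for admin from 203.0.113.7 port 51026 ssh2
Jun 16 10:00:06 gw sshd[1206]: Accepted password for admin from 203.0.113.7 port 51027 ssh2
Jun 16 10:30:00 gw sshd[1300]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Jun 16 10:31:00 gw sshd[1301]: Accepted password for alice from 198.51.100.4 port 40002 ssh2
"""

# Matches the OpenSSH "Failed password" / "Accepted password" syslog lines.
LINE_RE = re.compile(
    r"^(?P<month>\w{3}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse(line, year=2022):
    """Return (timestamp, result, user, ip) for a matching line, else None.
    Syslog lines carry no year, so one is assumed (constructed value)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['month']} {m['day']} {m['time']}",
                           "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Flag source IPs with >= threshold failed logins inside a sliding window.

    Returns {ip: {"failures": peak count in window,
                  "users": set of usernames tried,
                  "success_after_failures": True if a login later succeeded}}.
    The threshold/window defaults are assumed, not taken from any standard.
    """
    recent_failures = defaultdict(list)   # ip -> [(timestamp, user), ...]
    alerts = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, ip = rec
        if result == "Failed":
            recent_failures[ip].append((ts, user))
            # Drop failures that have aged out of the sliding window.
            recent_failures[ip] = [
                (t, u) for t, u in recent_failures[ip]
                if (ts - t).total_seconds() <= window_seconds
            ]
            if len(recent_failures[ip]) >= threshold:
                a = alerts.setdefault(
                    ip, {"failures": 0, "users": set(), "success_after_failures": False})
                a["failures"] = max(a["failures"], len(recent_failures[ip]))
                a["users"].update(u for _, u in recent_failures[ip])
        elif ip in alerts:
            # A success from an already-flagged source is the higher-priority case:
            # the guessing may have worked.
            alerts[ip]["success_after_failures"] = True
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

Only the first address is flagged: five failures within a minute, three distinct usernames, then an accepted login from the same source. The single failure from the second address, a plausible typo, is ignored. In practice the same logic runs over a log pipeline rather than a string, and the victims in the article who saw unexplained performance problems or ISP notices (paragraph above) are exactly the cases where this kind of record would have given an earlier signal.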

The storefront’s web hosting itself was traced to an Internet service provider based in West Palm Beach, Florida, according to the search warrant. The company’s role in the investigation was not immediately clear.

The Justice Department investigation was assisted by law enforcement agencies in Germany, the Netherlands and the United Kingdom, as well as by Black Echo, a private-sector cybersecurity company, the U.S. Attorney’s Office said.
