Int’l Collaboration Against Major Cyber Threat Turns Successful

Photo illus. by Pixabay cyber-security

This post is also available in: עברית (Hebrew)

More and more components of homes and businesses go “smart” and internet-connected. These IoT devices are exposed to the lack of adequate security in the first place and the failure to regularly patch them for developing security issues. Bots scan devices, look for vulnerabilities, and communicate back to hackers. 

There is no doubt that immediate and major improvements in IoT security are needed. An international cybersecurity collaboration turned out as a success as a major Russian botnet that had compromised millions of devices worldwide has been taken down.

The US Department of Justice (DOJ) worked with law enforcement in Germany, the Netherlands, and the United Kingdom to seize infrastructure belonging to the Russian botnet’s operation. 

RSOCKS, the Russian botnet, was essentially functioning as an underground proxy service provider for criminals, allowing for the rental of the IP addresses attached to its collection of hacked IoT devices, Android phones and computers, according to In fact, the extent of its operation reportedly grew to about eight million devices worldwide prior to the takedown.

Legitimate proxy services cut off customers for engaging in the sort of cyber criminal activities. 

The Russian botnet was active since at least 2014, and over the years it has amassed millions of devices in its collection, first focusing on compromising poorly secured IoT devices but soon moving on to include Android phones/tablets and even computers.

Illicit actors rented access to RSOCKS as a proxy service, primarily for the purpose of brute force/ password guessing login campaigns, disguising the sources of traffic for phishing campaigns, and distributed denial of service (DDoS) attacks. 

The takedown of the Russian botnet went underway in 2017 when members of the Federal Bureau of Investigation (FBI) began renting access to the underground proxy service to probe its backend infrastructure and identify victims. The count at the time was about 325,000 devices around the world; RSOCKS had since doubled that number several times.

The Russian botnet reportedly grew to its massive size exponentially, conducting brute force login attempts against new victims by using the devices it had already collected. These attempts were very likely fed by the long lists of compromised usernames and passwords that have been dumped to the internet in the wake of data breaches.