Scopeora News & Life

Global Coalition Disrupts Major Botnet Targeting Routers

A global law enforcement coalition has dismantled the SocksEscort botnet, which compromised thousands of routers, highlighting the fight against cybercrime and its future implications.

A worldwide alliance of law enforcement agencies has successfully dismantled a significant botnet composed of tens of thousands of compromised home and small business routers. This operation, which took place on Wednesday, specifically targeted SocksEscort, a service that provided paid proxy access and was built on a network of hacked routers.

According to an announcement from the Justice Department, SocksEscort facilitated various cybercrimes, including unauthorized access to victims' bank and cryptocurrency accounts and fraudulent unemployment claims, costing Americans millions of dollars.

Europol reported that the SocksEscort botnet affected over 369,000 routers and Internet of Things devices across 163 countries, and that these compromised devices have been disconnected from the service. The agency highlighted that this botnet was involved in serious offenses, such as ransomware attacks, DDoS attacks, and the distribution of illegal content.

"Customers of this illicit service paid for licenses to exploit these infected devices, masking their real IP addresses to carry out criminal activities," Europol stated. Many router owners were unaware that their devices had been hijacked for such purposes.

As part of the operation, the official SocksEscort website has been replaced with a notice announcing its seizure. The botnet, which had grown to include around 280,000 routers since January, was powered by malware known as AVRecon. Cybersecurity firm Black Lotus Labs, which monitored SocksEscort, collaborated with law enforcement during the takedown.

Black Lotus Labs described the botnet as a substantial threat, primarily marketed to criminals. Notably, over half of its victims were located in the United States and the United Kingdom, allowing attackers to conduct highly targeted operations.

In 2023, Black Lotus Labs referred to SocksEscort as "one of the largest botnets targeting small-office/home-office (SOHO) routers in recent history." The service originated in 2009, initially as a Russian-language platform selling access to numerous hacked computers.

This operation underscores the ongoing global efforts to combat cybercrime and safeguard digital infrastructure. As technology evolves, collaborative initiatives like this will be crucial in shaping a more secure digital future.