A 20-year-old bot network, relying on outdated home Wi-Fi routers, has been dismantled by the FBI and its partners. The operation uncovered $46 million generated from the sale of anonymous proxies used for criminal activities through websites Anyproxy.net and 5socks.net.

A Global Network Built on Trash Hardware

In collaboration with the Dutch and Thai police, the FBI has put an end to a criminal network operating on outdated Wi-Fi routers. Since 2004, the sites Anyproxy.net and 5socks.net have been selling access to these devices transformed into proxy servers. For a monthly subscription ranging from $10 to $110, customers could rent these connections to mask their identity online. This network, partially managed from Virginia, relied on a globally spread botnet. The result: over $46 million generated through an infrastructure based on outdated and poorly secured hardware.

A Long-Term Operation Made Possible by Known Vulnerabilities

The cybercriminal group primarily targeted routers from brands like Linksys, Cisco, or Ericsson, whose support had been abandoned for years. No zero-day exploits were used; the vulnerabilities exploited were well-documented. Once infected, the routers were reconfigured to provide remote access and used as anonymous relays for other malicious actors. The deployed malware, reminiscent of one known as TheMoon, also allowed the infection to spread to other vulnerable devices on the network.

The four individuals involved (three Russians and one Kazakhstani) are accused of conspiracy, sabotage of protected systems, and fraudulent domain registration. The investigation, conducted as part of the “Moonlander” operation, also traced the command and control servers to Turkey. Despite the commercial façade boasting over 7,000 available proxies, analysts at Lumen Technologies estimate that only about 1,000 were active on average each week, spread across more than 80 countries, predominantly the United States.

Update or Replace Your Routers

The FBI takes this opportunity to remind users of the importance of replacing end-of-life routers, especially those identified as vulnerable. Users are also encouraged to disable remote administration and regularly reboot their equipment to limit infection risks. The case of 5socks.net once again highlights how far residential proxy networks have spread within cybercriminal activity, making tracing more difficult for authorities!

Do you have an old router at home? Beware, as it might be doing some very shady things behind your back.
