This Dangerous Russian Botnet Is No More

June 24, 2022 / meritsolutions

If you were a hacker, what would make for an ideal target? Would you send phishing emails to unsuspecting users, hoping one would share their credentials? Would you ping their phone with a malicious link that gives you access to their system? What if, however, hacking were as easy as logging into Amazon, and picking a target’s device from a digital storefront? A Russian botnet used to give hackers this exact marketplace, until now.

How the RSOCKS botnet worked

The botnet, called RSOCKS, started by hacking into millions of devices, obtaining the IP addresses for each. From here, RSOCKS placed these IP addresses on a digital marketplace for hackers to buy, allowing them to take advantage of these affected systems as long as the money was there. Like Amazon, this online store was active on a daily basis, allowing hackers to buy new IP addresses at any time.

While many might assume hackers would purchase IP addresses to hack the users they belong to, these systems actually served a different purpose: hackers used the IP addresses to disguise the traffic for other illegal activities. If investigators discovered the activity, they wouldn’t be able to identify the true source of that traffic, as it would appear to be coming from the hacked user rather than the hacker themselves.

The FBI took RSOCKS down

The good news, for all of us, is that RSOCKS no longer exists. A joint operation between the FBI and agencies in the UK, Germany, and the Netherlands has dismantled the infrastructure powering the RSOCKS botnet and its illicit marketplace. Interestingly, the operation succeeded because investigators bought access to RSOCKS, allowing them to discover both how it worked and who the affected users of the botnet were.

Which devices did RSOCKS target?

According to the DoJ, the RSOCKS botnet mostly went after IoT (Internet of Things) devices. These include things like clocks, routers, streaming devices, and smart devices like garage door openers. However, RSOCKS also targeted more substantial devices, such as PCs and Android smartphones. While many of the victims are businesses or organizations, individuals were reportedly affected.

[Tech Monitor]

Cover photo by Mika Baumeister on Unsplash
