DOJ, Foreign Partners Shut Down Russian Botnet Operation

The Department of Justice announced the dismantling of the infrastructure of a Russian botnet known as RSOCKS, which hacked millions of computers and other electronic devices around the world. The law enforcement operation was made possible with the help of partners in Germany, the Netherlands and the United Kingdom, the DOJ said Thursday.

In a statement, the Justice Department said that the RSOCKS botnet comprises millions of hacked devices worldwide and is operated by Russian cybercriminals. RSOCKS initially targeted internet of things devices but quickly expanded to compromising additional types of devices, including Android devices and conventional computers.

U.S. attorney Randy Grossman of the Southern District of California warned that cybercriminals will not escape justice regardless of where they operate. He said the U.S. government will “relentlessly pursue and prosecute malicious cyber actors while using all the tools at its disposal,” including forming partnerships around the globe.

For his part, Stacey Moy, special agent in charge at the Federal Bureau of Investigation, said the operation disrupted a “highly sophisticated Russia-based cybercrime organization that conducted cyber intrusions in the United States and abroad.”

The DOJ explained that the botnet offered its clients access to IP addresses assigned to devices that had been hacked. A cybercriminal wanting to use the RSOCKS platform could use a web browser to navigate a web-based “storefront” for a fee. It was learned that the cost for access to a pool of RSOCKS proxies ranged from $30 per day for access to 2,000 proxies to $200 per day for access to 90,000 proxies.

The botnet’s criminal clients were able to download a list of IP addresses and ports associated with one or more of the botnet’s backend servers and route malicious internet traffic through the compromised victim devices while masking the true source of the traffic, according to the DOJ.