Source URL: https://it.slashdot.org/story/25/05/09/2223226/police-dismantles-botnet-selling-hacked-routers-as-residential-proxies?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: Police Dismantles Botnet Selling Hacked Routers As Residential Proxies
AI Summary and Description: Yes
Summary: Law enforcement has dismantled a long-running botnet of compromised end-of-life wireless routers that were resold as residential proxies, a business whose roots go back to 2004. The operation, which involved international cooperation, underscores how unpatched, unsupported hardware becomes infrastructure for crime once malware such as TheMoon takes hold.
Detailed Description: The text presents a significant development in cybersecurity involving the dismantling of a large botnet that compromised thousands of routers globally. Key aspects include:
– **Operation Moonlander**: A joint initiative by U.S. authorities and international partners, including the Dutch National Police and Royal Thai Police, aimed at combating illegal proxy services.
– **Identification of Criminals**: Indictments have been filed against four individuals from Russia and Kazakhstan, highlighting the international scope of cybercrime.
– **Nature of the Botnet**:
– The botnet has been infecting older wireless internet routers with malware since 2004.
– It gave the operators unauthorized control over these routers, which were then sold as residential proxies through the Anyproxy and 5socks services.
– **Targeting Specific Devices**: The FBI outlined the types of devices primarily targeted, including various models from Linksys and Cisco, emphasizing the security risks associated with outdated routers.
– **Why the Botnet Persisted**:
– The malware variant (TheMoon) specifically targeted **end-of-life (EoL)** routers, which no longer receive security updates, so the infection vector was never closed.
– The resulting proxies served as anonymizing gateways for a range of illegal activity, including cybercrime-for-hire and cryptocurrency theft.
– **Security Warnings**: The FBI’s advisory underscored how hard such proxies are to detect: only about 10% of them were flagged as malicious by common security tools, so traffic relayed through them looks like ordinary residential traffic.
– **Payment and Access**: The operators took payment in cryptocurrency, and because the proxies themselves required no authentication, any actor who found them could route traffic through them. That open access let many unrelated criminals use the same infrastructure, making the resulting threats harder to monitor and attribute.
In essence, this incident highlights the ongoing challenges in securing IoT and network-edge devices, the importance of retiring end-of-life hardware and keeping supported devices updated, and the role of collaborative law enforcement efforts in combating well-established cyber threats. Security professionals can draw from this scenario to tighten device inventory and lifecycle management, and to treat residential-proxy traffic with appropriate suspicion in threat detection, particularly in infrastructures that still rely on legacy equipment.