On June 16, visitors of RSocks, a Russian provider of proxy servers, had an unpleasant surprise. In place of the usual website, they were met with an imposing notice stating in red capital letters that THE WEBSITE HAD BEEN SEIZED.
The seizure was part of an operation run by the FBI to disrupt what they called the RSocks botnet. The bureau had monitored the Russian provider since 2017, when it first infiltrated the network.
RSocks claims to be a reseller of proxy servers, getting them from multiple sources. But it looks like the provider had methods to illicitly acquire proxies on its own.
According to the announcement issued by the US Department of Justice, the RSocks botnet initially infected IoT devices like smart garage door openers before moving on to smartphones and desktop computers.
It compromised the devices using brute force attacks, without the knowledge or consent of their owners. Some of the victims included a university, hotel, television studio, home businesses, and individuals. The authorities estimate that the botnet has affected millions of devices throughout the world.
RSocks’ clients then reportedly used the proxy servers for credential stuffing, accessing compromised social media accounts, and sending phishing emails, among other activities.
The operation also involved authorities from the United Kingdom, the Netherlands, and Germany. Currently, the case is being prosecuted by US attorneys.
EDIT: It looks like the RSocks brand is gone for good. But the people behind it are determined to keep going. In an audacious comment, they even promised to restore the status quo for existing clients after transferring to a new service: