US and European authorities have dismantled a major cybercriminal infrastructure: SocksEscort, a proxy service that criminals used to hide their identities while committing digital fraud, including cryptocurrency theft.

The US Department of Justice (DOJ) and Europol announced this on Thursday. The action is part of an international operation against cybercrime involving several countries.

Global network of hacked devices

According to researchers, SocksEscort used a large network of hacked devices. In total, at least 369,000 routers and other internet devices in 163 countries are said to have been infected.

Once these devices were taken over, criminals could use them as so-called proxy servers. Such a proxy works as an intermediary on the Internet and ensures that the real IP address of a user remains hidden. This makes it more difficult for investigative services to find out where a cyber attack comes from.

The proxy service is said to have been active since 2020 and was used for various forms of cybercrime, including bank fraud and the takeover of accounts holding cryptocurrency.

In one of the cases described by prosecutors, a victim in New York lost about $1 million in cryptocurrency after criminals gained access to his account.

Servers offline and millions in crypto frozen

During the international operation, authorities disabled several parts of the network. A total of 34 domain names were seized and approximately two dozen servers in seven countries were taken offline.

In addition, law enforcement authorities have frozen approximately $3.5 million in cryptocurrency linked to the operation.

According to Europol, users could access SocksEscort through a special payment platform. There, criminals could purchase the proxy service anonymously with cryptocurrency.

Researchers estimate that the platform has generated at least 5 million euros in revenue since its inception.

International cooperation against cybercrime

According to Europol director Catherine De Bolle, proxy services such as SocksEscort play an important role in the digital infrastructure of cybercriminals.

She argues that such services help criminals to carry out attacks, spread illegal content and evade detection.

According to De Bolle, the operation shows how important international cooperation is in combating cybercrime. When researchers share information worldwide, the infrastructure behind cybercrime can be better detected and dismantled.

Investigative services from several countries involved

Investigative services from Austria, France, the Netherlands, Germany, Hungary, Romania and the United States took part in the operation.

In the US, the investigation included the FBI’s Sacramento office, the US Department of Defense’s Defense Criminal Investigative Service and IRS Criminal Investigation.

Europol and Eurojust supported the international cooperation and helped coordinate the operation.

Private organizations also played a role. For example, Black Lotus Labs, the threat analysis department of telecom company Lumen Technologies, and the non-profit organization Shadowserver Foundation provided important technical information during the investigation.

Malware used to take over devices

According to cybersecurity site The Hacker News, SocksEscort used malware called AVrecon. This software allowed routers and other Internet devices to be infected and controlled remotely.

The details about this malware were made public in July 2023 by researchers at Black Lotus Labs.

The dismantling of SocksEscort is seen as an important step in the fight against cybercrime, as such proxy networks are often used to carry out fraud, hacks and other digital crimes.

Source: https://newsbit.nl/internationale-politieactie-haalt-cybercrimineel-proxynetwerk-socksescort-offline/


