
Latest news with #5Socks

FBI says these 13 old internet routers are vulnerable to attacks. Is yours on the list?

Yahoo

10-05-2025


The FBI has issued a security warning urging owners of old internet routers to replace their equipment, lest they become victims of a cyberattack.

The flash notice, issued May 7, said that "end-of-life" (EOL) routers, or those made so long ago that their software is no longer supported by their manufacturers, are being targeted by bad actors due to their age. With no patches or regular software updates to address security weaknesses, the outdated equipment becomes exceptionally vulnerable, allowing cyberattackers to access it remotely and install malware.

The targeted routers come pre-loaded with remote management software that threat actors know how to tap into, advised the notice. Once they do, they may install malicious software or set up a botnet: a group of internet-connected devices compromised and controlled by a third party that can then use them in an orchestrated manner to carry out activities such as stealing data, sending spam or committing denial-of-service attacks.

Cybercriminals may also use compromised devices to sell proxy services, which entails selling access to these devices to other bad actors who then use them to hide their locations and identities. This specific notice concerns known attacks associated with 5Socks and Anyproxy, services recently seized by the FBI that were known for selling these proxies to shady figures.

The vulnerable routers in question will be familiar to early internet users, as many are Linksys brand, one of the most popular and iconic at-home networking suppliers of the 2000s and 2010s.

E1200, E2500, E1000, E4200, E1500, E300, E3200, WRT320N, E1550, WRT610N, E100, M10, WRT310N

The remote administration feature that comes pre-installed on these routers is the major source of vulnerability, explained the FBI warning. Cybercriminals have become familiar with accessing outdated remote management software, allowing them to install their own software that gives them perpetual access to your device.

Even if the remote administration feature of your router is password protected, threat actors can still easily get in. The installed malware then allows them to communicate with the router periodically, ensuring continued access. Because the malware is router-based, said the FBI, it can be more difficult for users to notice when something is wrong.

While the agency suggests replacing any router from the above list altogether, the FBI did provide a list of file names you can check for that are associated with these attacks.

If you have a router from the above list, it has likely been struggling already to keep up with the demands of a modern digital home. The best course of action is to replace it with a more modern model, advised the FBI notice, and one that is new enough that it is still being serviced with regular software updates. Users can also disable remote administration and reboot their routers to cut off this primary access point.

If you believe your router or another device in your home may have been compromised or the subject of suspicious activity, the agency asks that it be reported to your local FBI field office. Field offices can be located and contacted at

This article originally appeared on USA TODAY: These 13 internet routers are vulnerable to attacks, FBI says

FBI and Dutch police seize and shut down botnet of hacked routers

TechCrunch

09-05-2025


A joint international law enforcement action shut down two services accused of providing a botnet of hacked internet-connected devices, including routers, to cybercriminals. U.S. prosecutors also indicted four people accused of hacking into the devices and running the botnet.

On Wednesday, the websites of Anyproxy and 5Socks were replaced with notices stating they had been seized by the FBI as part of a law enforcement operation called 'Operation Moonlander.' The notice said the law enforcement action was carried out by the FBI, the Dutch National Police (Politie), the U.S. Attorney's Office for the Northern District of Oklahoma, and the U.S. Department of Justice.

Then on Friday, U.S. prosecutors announced the dismantling of the botnet and the indictment of three Russians: Alexey Viktorovich Chertkov, Kirill Vladimirovich Morozov, Aleksandr Aleksandrovich Shishkin; and Dmitriy Rubtsov, a Kazakhstan national. The four are accused of profiting from running Anyproxy and 5Socks under the pretense of offering legitimate proxy services, but which prosecutors say were built on hacked routers.

Chertkov, Morozov, Rubtsov, and Shishkin, who all reside outside of the United States, targeted older models of wireless internet routers that had known vulnerabilities, compromising 'thousands' of such devices, according to the now-unsealed indictment. When in control of those routers, the four individuals then sold access to the botnet on Anyproxy and 5Socks, services that have been active since 2004, according to their websites and the charging authorities.

Residential proxy networks are not illegal on their own; these offerings are often used to provide customers with IP addresses for accessing geoblocked content or bypassing government censorship. Anyproxy and 5Socks, however, allegedly built their network of proxies — some of them made of residential IP addresses — by infecting thousands of vulnerable internet-connected devices and effectively turning them into a botnet used by cybercriminals, according to the Department of Justice.

'In this way, the botnet subscribers' internet traffic appeared to come from the IP addresses assigned to the compromised devices rather than the IP addresses assigned to the devices that the subscribers were actually using to conduct their online activity,' read the indictment.

'Conspirators acting through 5Socks publicly marketed the Anyproxy botnet as a residential proxy service on social media and online discussion forums, including cybercriminal forums,' the indictment added. 'Such residential proxy services are particularly useful to criminal hackers to provide anonymity when committing cybercrimes; residential‐as opposed to commercial‐IP addresses are generally assumed by internet security services as much more likely to be legitimate traffic.'

According to the DOJ's press release, the four are believed to have made more than $46 million from selling access to the botnet. The FBI, DOJ, and the Dutch National Police did not respond to requests for comment.

Ryan English, a researcher at Black Lotus Labs, told TechCrunch ahead of the domain seizures that the two services were used for several types of abuse, including password spraying, launching distributed denial-of-service (DDoS) attacks, and ad fraud.

On Friday, Black Lotus Labs, a team of researchers housed within cybersecurity firm Lumen, published a report saying they helped the authorities track the proxy networks. As Black Lotus explained in its report, the botnet was 'designed to offer anonymity for malicious actors online.'

English told TechCrunch that he and his colleagues are confident that Anyproxy and 5Socks are 'the same pool of proxies run by the same operators, just under a different name,' and that 'the bulk of the botnet were routers, all kinds of end-of-life make and models.' According to the report and based on Lumen's global network visibility, the botnet had 'an average of about 1,000 weekly active proxies in over 80 countries.'

Spur, a company that tracks proxy services on the internet, also worked on the operation. Spur's co-founder Riley Kilmer told TechCrunch that while 5Socks is one of the smaller criminal networks the company tracks, the network had 'gained in popularity for financial fraud.'
