Dutch prosecutors disable botnet with 17 million drones

The Dutch NCSC and police have shut down a botnet with 200 servers and 17 million infected devices.


Late last week, Dutch police, together with the country's National Cyber Security Centre (NCSC), succeeded in a strike against a large botnet. The botnet, used for criminal purposes, comprised 200 servers and 17 million infected devices.

This was announced by the NCSC on its website. According to the NCSC, an IT security researcher provided crucial clues that triggered investigations by The Hague police unit and the NCSC. These revealed that the botnet consisted of at least 17 million infected devices controlled by an infrastructure of 200 servers located in the Netherlands. The drones include devices such as computers, tablets, and smartphones, but also smart home devices and routers.

“Drones” are infected devices that act on the commands of the control servers (command-and-control servers) and launch DDoS attacks or, in the case of “residential proxy services,” relay and thus anonymize the criminals' traffic.

Police seized several servers from a hosting provider and continued their investigation. The botnet was subsequently taken offline by the hosting provider after it became clear that it was being used for criminal purposes.

The NCSC does not go into further detail, but NLTimes reports that it was the “Asocks” botnet. This primarily serves as an obfuscation service, a “Residential Proxy Service.” The criminals behind the botnet infect inadequately protected end-user devices with malware, which then turns the devices into nodes within this “Asocks” proxy network. This allows users of the service to disguise their true origin.


The “Asocks” botnet was used to route internet traffic and launch large-scale cyberattacks. The owners of the infected devices are usually unaware of all this. The NCSC therefore provides tips for end-users: operating systems, routers, and apps should always be kept up to date. Users should also keep track of the devices on their network. Passwords should not be reused; each should be unique, and users should change the default passwords of their devices. Software and apps should come from trusted sources.

Law enforcement agencies repeatedly succeed in striking against such criminal botnets. In mid-March, for example, the proxy botnet “SocksEscort,” with more than 369,000 drones, was shut down by international law enforcement.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.