Tuesday, May 13, 2025

Botnet Anyproxy, 5socks Dismantled: Russian, Kazakhstani Administrators Dmitriy Rubtsov, Alexey Viktorovich Chertkov, Kirill Vladimirovich Morozov, Aleksandr Aleksandrovich Shishkin Indicted

A domain seizure warrant was unsealed, along with an indictment charging four foreign national hackers with conspiracy and other computer crimes, announced U.S. Attorney Clint Johnson.

Russian nationals Alexey Viktorovich Chertkov, 37; Kirill Vladimirovich Morozov, 41; and Aleksandr Aleksandrovich Shishkin, 36; and Kazakhstani national Dmitriy Rubtsov, 38, were charged with conspiracy and damage to protected computers for conspiring with others to maintain, operate, and profit from botnet services known as Anyproxy and 5socks.

The Indictment alleges that a botnet was created by infecting older-model wireless internet routers worldwide, including in the United States, using malware without their owners’ knowledge.

The installed malware allowed the routers to be reconfigured, granting unauthorised access to third parties and making the routers available for sale as proxy servers on the Anyproxy.net and 5socks.net websites. Both website domains were managed by a company headquartered in Virginia and hosted on computer servers worldwide.

Additional court documents reveal that the 5socks.net website advertised more than 7,000 proxies for sale worldwide, including in the United States. Users paid a monthly subscription fee, ranging from $9.95 to $110 per month.

The website’s slogan, ‘Working since 2004!’, indicates that the service has been available for more than 20 years. The defendants are believed to have amassed more than $46 million from selling access to the infected routers that were part of the Anyproxy botnet.

Chertkov and Rubtsov are additionally charged with false registration of a domain name. They allegedly falsely identified themselves when they registered and used the domains Anyproxy.net and 5socks.net during the commission of these felony crimes.

During the investigation, the FBI’s Oklahoma City Cyber Task Force discovered that business and residential routers in Oklahoma had malware installed without the users’ knowledge.

Pursuant to a seizure warrant in the Eastern District of Virginia and in conjunction with the unsealing of the Indictment in the Northern District of Oklahoma, the FBI seized the Anyproxy.net and 5socks.net domain names. The botnet overseas was also seized and disabled by foreign law enforcement partners.
