How the RSocks Botnet Was Finally Shut Down

October 2023

Botnet attacks have been on the rise for years, infecting devices across the globe, exploiting sensitive information, and even being used to launch distributed denial of service (DDoS) attacks. What sets botnet attacks apart is that they are carried out by several compromised IoT devices (ranging from smart speakers to video doorbells) acting together as an “army” of sorts.

In 2017, the FBI identified a Russian botnet known as RSocks. Since then, the United States Department of Justice has been working diligently alongside law enforcement in Germany, the Netherlands, and the United Kingdom to take this botnet down. In June of 2022, they were finally successful.

More About the RSocks Botnet

The RSocks botnet was first discovered in 2017 when approximately 325,000 compromised IoT devices were found to have carried out many brute-force attacks. These attacks involved guessing the passwords of users through numerous attempts. Once devices were compromised, each was assigned a unique IP address. The hackers behind the RSocks botnet then rented out access to these compromised devices to cybercriminals, charging anywhere from a few dollars per day to thousands of dollars for access.

From there, those who purchased access to the botnet could use it to carry out further cyber crimes in the form of DDoS attacks, password-guessing attacks, malware attacks, and phishing schemes. By the time this botnet was taken down, it is believed that millions of devices were compromised. Likewise, many large private and public entities were affected by attacks that were carried out by these devices.

How the RSocks Botnet Was Defeated

In 2017, investigators began the early stages of the RSocks botnet takedown by going undercover and purchasing compromised devices. Further analysis of the devices and victim accounts then helped investigators determine that RSocks back-end servers had maintained a connection to the compromised devices. With victim consent, investigators were able to replace compromised devices with government computers known as honeypots, and from there they were able to trace the activity back to the original hackers.

Since then, the RSocks website has been taken down and replaced with a banner from the FBI. Investigators have not gone into any further detail about how the botnet was taken down or any specific criminal charges against individuals.

Understanding the Significance

Having the RSocks botnet taken down was a huge accomplishment for two main reasons. For starters, it saved future victims from having their personal data and/or accounts compromised. However, it also sent a message to hackers across the globe that governments can and will work together to end botnet threats for good.

While the RSocks botnet may be no more, there are still many other botnets out there posing a security risk to web users. Looking to protect yourself? Keep some important dedicated server security tips and best practices in mind. Not already using a dedicated server? Get in touch with our team at ReliableSite to make the switch today.