DoJ dismantles botnet made of 360,000 infected routers and IOT devices spread across 163 countries that ran for 16 years — SocksEscort proxy network eliminated in joint operation with Europol
Hot on the heels of the LeakBase takedown, the combined might of the U.S. Department of Justice and Europol brought down another gigantic botnet, the SocksEscort proxy network, in an effort spanning a total of nine countries.
The enterprise ran for an estimated 16 years, with its inception circa 2010, infecting a grand total of 369,000 devices across its lifetime. The botnet comprised mostly home routers, access points, and IoT devices across 163 countries.
As is commonplace for this type of operation, SocksEscort sold access to infected devices, allowing cyber-criminals to run attacks from a multitude of worldwide locations at once, which made the attacks hard to block and hid the criminals' identities behind those of unsuspecting folks.
According to the U.S. DoJ, the network had about 8,000 routers as of February 2026, of which 2,500 were in the United States. The botnet facilitated multiple criminal activities, including taking over U.S. bank and cryptocurrency accounts, fraudulent insurance claims, ransomware distribution, DDoS attacks, and even the distribution of child sexual abuse material (CSAM).
The DoJ estimates that the fraud costs U.S. citizens millions of dollars, and cites specific examples like a New York cryptocurrency customer losing $1 million, a Pennsylvania business losing $700,000, and multiple Military Star card holders conned out of $100,000. The takedown also included a number of seizures. Europol nabbed 34 domains associated with the network and 23 servers across seven countries, while the U.S. seized $3.5 million worth of cryptocurrency.
As experts have been warning for decades, home routers and all sorts of "smart" home devices are a veritable playground for the criminally minded. Not only do they often arrive in the market with egregious security vulnerabilities, but many manufacturers also drop software support after a short timespan. It doesn't help matters that the average user is not aware of what a firmware update is, much less how to run one, nor should they be expected to be.
As always, we recommend readers keep tabs on all internet-connected devices, keep them up to date whenever possible, and avoid connecting them to the internet to begin with, unless absolutely necessary.
Bruno Ferreira is a contributing writer for Tom's Hardware. He has decades of experience with PC hardware and assorted sundries, alongside a career as a developer. He's obsessed with detail and has a tendency to ramble on the topics he loves. When not doing that, he's usually playing games, or at live music shows and festivals.