The FBI has successfully dismantled the notorious IPStorm botnet proxy network, a criminal operation that emerged in 2019 and initially targeted Windows systems. The network later expanded its reach to devices operating on various systems. The law enforcement agency reported this week that the network, along with its infrastructure, has been taken down, and its creator, Sergei Makinin, a Russian and Moldovan national, is now in custody after pleading guilty to three related criminal charges. The FBI revealed that Makinin ran the operation from at least June 2019 to December 2022 and could face up to 30 years in prison.
The operation marks the end of a four-plus-year run of the botnet, which, according to law enforcement authorities, had a global impact. Makinin claimed on his website that the botnet included over 23,000 proxies collected worldwide and boasted earnings of at least $550,000 from the illicit operation, as reported by the FBI.
As part of his plea agreement, Makinin is forfeiting cryptocurrency wallets associated with the scheme. However, no sentencing date has been announced yet.
Makinin’s malware was designed to transform infected devices into proxies within a massive botnet. These proxies were then offered for access through Makinin’s websites, proxx[.]io and proxx[.]net. Customers seeking to conceal their internet activities would pay substantial amounts to route traffic through thousands of infected computers, creating a lucrative enterprise for Makinin.
The FBI emphasized the global reach of the botnet, affecting thousands of internet-connected devices across various countries, including Puerto Rico. The investigation was conducted by the FBI cyber team in San Juan, with support from legal attaché offices in Madrid, Spain, and Santo Domingo in the Dominican Republic, as well as collaboration with law enforcement agencies in both countries and Interpol. The National Cyber-Forensics and Training Alliance, which includes cybersecurity vendors Bitdefender, Anomali, and Intezer, also played a role in the effort.
Joseph González, Special Agent in Charge of the FBI’s San Juan Field Office, commented on the challenges posed by cybercriminals who seek anonymity, highlighting the need for law enforcement to address such criminal activity conducted through cybernetic means.
The FBI clarified that its capabilities in this case were limited to disabling the botnet’s infrastructure, preventing the identification of owners or users of the infected computers within the network.
The malware used in the botnet, named InterPlanetary Storm, utilized the InterPlanetary File System peer-to-peer network, allowing infected systems to communicate directly and via nodes. Built on the Go programming language, the malware targeted Windows initially but later expanded its reach to Android, Mac OS, and Linux-based systems.
The threat of botnets continues to evolve, with cybercriminals adopting more modern languages, like Go, to evade detection. The fast-growing nature of botnets poses an increasing risk to corporate security, as highlighted in a report by network visibility vendor Netscout. In 2022, Netscout identified 1.3 million DDoS-capable botnet nodes, and in the first half of 2023, the vendor tracked 592,373 nodes, demonstrating the ongoing evolution and persistence of these cyber threats.
Editor and chief at ZeroSecurity. Expertise includes programming, malware analysis, and penetration testing. If you would like to write for ZeroSecurity, please click "Contact us" at the bottom of the page.