UPDATED 19:10 EDT / NOVEMBER 14 2023

SECURITY

FBI dismantles IPStorm proxy botnet, arrests operator in Puerto Rico

The U.S. Federal Bureau of Investigation today revealed that it has dismantled the IPStorm botnet proxy network and arrested a Russian and Moldovan national accused of running the network.

The accused botnet operator, Sergei Makinin, was arrested on Sept. 18 in Puerto Rico and has since pled guilty to three counts of violating 18 U.S.C. § 1030(a)(5)(A) — knowingly causing the transmission of a program that intentionally caused damage without authorization to protected computers.

The IPStorm botnet first emerged in 2019 and initially targeted Windows systems before expanding in 2020 to other operating systems, including Android, Linux and Mac. Makinin is said to have developed and deployed malicious software to hack thousands of internet-connected devices around the world. The main purpose of the botnet was to turn infected devices into proxies as part of a for-profit scheme available through the websites proxx.io and proxx.net.

Through his websites, Makinin sold access to the infected, controlled devices to customers seeking to hide their internet activities. Customers would pay hundreds of dollars a month to route traffic through the botnet. Makinin claimed on his website that he had more than 23,000 “highly anonymous” proxies from across the world. Makinin has admitted to gaining at least $550,000 from the service.

The FBI operation dismantled the botnet by disabling the defendant’s infrastructure but did not extend to the information of the owners and users of the computers. The operation was led by the FBI with cooperation from the Spanish National Police and Dominican National Police and assistance from Bitdefender SRL, Anomali Inc. and Intezer Ltd.

“Cybercriminals seek to remain anonymous and derive a sense of security because they hide behind keyboards, often thousands of miles away from their victims,” Joseph González, special agent in charge of the FBI’s San Juan Field Office, said in a statement. “The FBI’s cyber mission has been to impose risk and consequences on our adversaries, ensuring cyberspace is no safe space for criminal activity.”

Discussing the news, Alexandru Catalin Cosoi, senior director of the Investigation and Forensics Unit at Bitdefender, who assisted the FBI in the takedown, told SiliconANGLE that the botnet “was complex and used to power various cybercriminal activities by renting it as a proxy as a service system over infected IoT devices.”

“Our initial research back in 2020 uncovered valuable clues to the culprit behind its operation and we are extremely pleased it helped lead to arrests,” Cosoi added. “This investigation is another primary example of law enforcement and the private cybersecurity sector working together to shut down illegal online activities and bring those responsible to justice.”
