The US Treasury Department has sanctioned three Chinese nationals for their involvement in a VPN-powered botnet with more than 19 million residential IP addresses they rented out to cybercriminals to obfuscate their illegal activities, including COVID-19 aid scams and bomb threats.

The criminal enterprise, the Treasury Department said Tuesday, was a residential proxy service known as 911 S5. Such services provide a bank of IP addresses belonging to everyday home users for customers to route Internet connections through. When accessing a website or other Internet service, the connection appears to originate with the home user.

In 2022, researchers at the University of Sherbrooke profiled 911[.]re, a service that appears to be an earlier version of 911 S5. At the time, its infrastructure comprised 120,000 residential IP addresses. This pool was created using one of two free VPNs—MaskVPN and DewVPN—marketed to end users. Besides acting as a legitimate VPN, the software also operated as a botnet that covertly turned users’ devices into a proxy server. The complex structure was designed with the intent of making the botnet hard to reverse engineer.

Comments

righttoprivacy wrote on May 30, 2024 at 6:32 PM

Hrmmm free VPN that turns you into botnet.

I guess the lesson here is: "Nothing is truly free, except I2P!" 😛

NotQball wrote on May 31, 2024 at 3:42 AM

It happens on i2p too. Some email services hack other routers at peak time for bandwith. At least the bro is making money and is temporary. We are all innocent with some exceptions so it is all legal activity.