A domain seizure warrant was unsealed, along with an indictment charging four foreign national hackers with conspiracy and other computer crimes, announced U.S. Attorney Clint Johnson.
Russian nationals, Alexey Viktorovich Chertkov, 37, Kirill Vladimirovich Morozov, 41, Aleksandr Aleksandrovich Shishkin, 36, and Dmitriy Rubtsov, 38, a Kazakhstani national, were charged with Conspiracy and Damage to Protected Computers for conspiring with others to maintain, operate, and profit from botnet services known as Anyproxy and 5socks.
The Indictment alleges that a botnet was created by infecting older-model wireless internet routers worldwide, including in the United States, using malware without their owners’ knowledge. The installed malware allowed the routers to be reconfigured, granting unauthorized access to third parties and making the routers available for sale as proxy servers on the Anyproxy.net and 5socks.net websites. Both website domains were managed by a company headquartered in Virginia and hosted on computer servers worldwide.
Additional court documents reveal that the 5socks.net website advertised more than 7,000 proxies for sale worldwide, including in the United States. Users paid a monthly subscription fee, ranging from $9.95 to $110 per month. The website’s slogan, “Working since 2004!”, indicates that the service has been available for more than 20 years. The defendants are believed to have amassed more than $46 million from selling access to the infected routers that were part of the Anyproxy botnet.
Chertkov and Rubtsov are additionally charged with False Registration of a Domain Name. They allegedly falsely identified themselves when they registered and used the domains Anyproxy.net and 5socks.net during the commission of these
felony crimes.
During the investigation, the FBI’s Oklahoma City Cyber Task Force discovered that business and residential routers in Oklahoma had malware installed without the users’ knowledge.
Pursuant to a seizure warrant in the Eastern District of Virginia and in conjunction with the unsealing of the Indictment in the Northern District of Oklahoma, the FBI seized the Anyproxy.net and 5socks.net domain names. The botnet overseas was also seized and disabled by foreign law enforcement partners.
The FBI Oklahoma City Cyber Task Force is investigating the case.
Assistant U.S. Attorneys George Jiang and Christopher J. Nassar, with the Northern District of Oklahoma, are prosecuting the case, along with Ryan K.J. Dickey and Jane Lee, Senior Counsel from the Computer Crime and Intellectual Property Section.
The Justice Department collaborated closely with investigators and prosecutors from multiple jurisdictions in this investigation, including the Eastern District of Virginia, the Dutch National Police – Amsterdam Region, the Netherlands Public Prosecution Service (Openbaar Ministerie), and the Royal Thai Police. Black Lotus Labs of Lumen Technologies, Inc., provided significant assistance and worked closely with investigators.
An indictment is merely an allegation, and all defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
Sign up for our Sunday Spectator. Delivered to your inbox every Sunday, with all the news from the week.
