
DoJ dismantles botnet made of 360,000 infected routers and IoT devices spread across 163 countries that ran for 16 years — SocksEscort proxy network eliminated in joint operation with Europol

Why This Matters

The dismantling of the SocksEscort botnet highlights the ongoing threats posed by insecure IoT devices and routers, which are exploited for criminal activities worldwide. This operation underscores the importance of improved cybersecurity measures, device security standards, and user awareness to prevent future large-scale cyber threats that can impact consumers and the industry alike.

Key Takeaways

Hot on the heels of the LeakBase takedown, the combined might of the U.S. Department of Justice and Europol brought down another gigantic botnet, the SocksEscort proxy network, in an effort spanning a total of nine countries.

The enterprise ran for an estimated 16 years, with its inception circa 2010, infecting a grand total of 369,000 devices across its lifetime. The botnet comprised mostly home routers, access points, and IoT devices across 163 countries.

As is commonplace for this type of operation, SocksEscort sold access to infected devices, allowing cybercriminals to run attacks from many locations worldwide at once. That made the attacks hard to block and hid the attackers' identities behind those of unsuspecting device owners.


According to the U.S. DoJ, the network had about 8,000 routers as of February 2026, of which 2,500 were in the United States. The botnet facilitated multiple criminal activities, including taking over U.S. bank and cryptocurrency accounts, fraudulent insurance claims, ransomware distribution, DDoS attacks, and even the distribution of child sexual abuse material (CSAM).

The DoJ estimates that the fraud costs U.S. citizens millions of dollars, and cites specific examples like a New York cryptocurrency customer losing $1 million, a Pennsylvania business losing $700,000, and multiple Military Star card holders conned out of $100,000. The takedown also included a number of seizures. Europol nabbed 34 domains associated with the network and 23 servers across seven countries, while the U.S. seized $3.5 million worth of cryptocurrency.

As experts have been warning for decades, home routers and all sorts of "smart" home devices are a veritable playground for the criminally minded. Not only do they often arrive on the market with egregious security vulnerabilities, but many manufacturers also drop software support after a short timespan. The fact that the average user does not know what a firmware update is, much less how to run one, doesn't help matters, nor should they be expected to know.

As always, we recommend readers keep tabs on all internet-connected devices, keep them up to date whenever possible, and avoid connecting them to the internet to begin with, unless absolutely necessary.
