# Operation Lightning Cracks Down on SocksEscort Proxy Network Blamed for Tens of Millions in Cyber Fraud
In a significant operation, law enforcement agencies from eight countries have disrupted a residential proxy service called SocksEscort, which was used by criminals to carry out massive digital fraud. The operation, known as Operation Lightning, resulted in the seizure of 23 servers in seven countries, 34 domains, and the freezing of approximately $3.5 million in cryptocurrency linked to the service. The FBI and its partners have been working to bring down SocksEscort, a notorious proxy network that has been responsible for tens of millions of dollars in losses due to various types of cybercrime.
SocksEscort is a prime example of how cybercrime groups use residential proxy services to compromise hundreds of thousands of routers worldwide and carry out digital fraud. The service hacks into home and small-business internet routers and sells access to the compromised machines for large-scale fraud and other digital crimes. This allows miscreants to mask their true online location and their criminal activities by making their traffic appear to originate from a legitimate home or small-business user. The malware, AVRecon, allows criminals to remotely control the infected device and direct internet traffic through the compromised routers.
According to the US Justice Department, SocksEscort has sold access to about 369,000 different IP addresses since the summer of 2020. As of last month, the criminal network listed access to about 8,000 infected routers to its customers, with 2,500 of those being in the US. Some of the victims include a customer of a cryptocurrency exchange who was defrauded of $1 million worth of cryptocurrency, a Pennsylvania manufacturing business defrauded of $700,000, and current and former US service members with Military Star cards who were defrauded out of $100,000.
The impact of SocksEscort's operations cannot be overstated. "SocksEscort is responsible for tens of millions of dollars in losses due to activity such as ransomware, ad fraud, account takeovers, identity theft, business email compromises, romance scams, and password spraying, among many others," said FBI Deputy Assistant Director Jason Bilnoski in an exclusive interview.
The disruption of SocksEscort's operations is a significant blow to cybercrime groups that rely on residential proxy services. However, it also highlights the ongoing challenge of keeping up with the latest cyber threats. The proliferation of these illicit residential proxies represents a formidable challenge for law enforcement and private-sector partners. To combat ongoing cyber threats, the FBI has launched Operation Winter Shield, which includes 10 key defensive measures that organizations can take to improve their security posture.
One of the key measures included in Operation Winter Shield is to track and retire end-of-life tech on a defined schedule. This is especially important for mitigating the risk of outdated routers being turned into residential proxy networks. By staying up to date with the latest security patches and maintaining secure devices, organizations can reduce their risk of being compromised by cybercrime groups.
In conclusion, the disruption of SocksEscort's operations is a significant success for law enforcement and a major blow to cybercrime groups. By taking proactive measures to improve their security posture, organizations can reduce their risk of being compromised and help to disrupt the operations of cybercrime groups like SocksEscort.