The IPStorm botnet targeted Windows, Linux, Mac, and Android devices and claimed victims in Asia, Europe, North America, and South America.
A Russian-Moldovan national has pleaded guilty to operating an illegal botnet proxy service called IPStorm, responsible for infecting thousands of internet-connected devices worldwide.
Sergei Makinin, 32, of Moscow, Russia, was arrested by the F.B.I. with the cooperation of law enforcement authorities in Spain and Bitdefender, which provided cybersecurity consulting, resources, and guidance to track the suspect.
Makinin pleaded guilty to “three counts of violating 18 U.S.C. § 1030(a)(5)(A) Fraud and Related Activity in Connection with Computers,” in a district court in Puerto Rico as per the U.S. Department of Justice press release.
Makinin was suspected of running an extensive botnet-for-rent operation called Interplanetary Storm (IPStorm) used for illegal activities from June 2019 through December 2022. Bitdefender first documented the operation in a research paper in October 2020.
The botnet targeted Windows, Linux, Mac, and Android devices and claimed victims in Asia, Europe, North America, and South America. IPStorm anonymized its users’ internet traffic, allowing them to conduct malicious activities such as hacking, identity theft, and fraud.
In his guilty plea, Makinin admitted that he and his accomplices ran IPStorm from 2015 to 2019 and successfully compromised over 40,000 devices using the IPStorm malware and 23,000 “highly anonymous” proxies. The domains used by Makinin in the scam were proxx.io and proxx.net.
The IPStorm malware allowed Makinin to hijack the devices and use them as proxies. Cybercriminals preferred the service because it was inexpensive, easy to use, and effectively anonymized their internet traffic. Makinin also admitted to developing/distributing malware for infecting the devices, earning $550,0000, and laundering the money.
Makinin is the first to be charged in connection with IPStorm. He faces up to 10 years in prison and will have to forfeit the cryptocurrency wallets linked with the scam. The sentencing is yet to be scheduled. Meanwhile, the F.B.I. and DoJ will continue to investigate the service.
Commenting on this development is the operation’s lead researcher and Bitdefender’s Investigation and Forensics Unit’s senior director, Alexandru Catalin Cosoi. Cosoi shared with Hackread.com that IPStorm was a “complex” botnet rented by cybercriminals for various nefarious activities:
“The Interplanetary Storm botnet was complex and used to power various cybercriminal activities by renting it as a proxy as a service system over infected IoT devices. Our initial research back in 2020 uncovered valuable clues to the culprit behind its operation, and we are extremely pleased it helped lead to arrests,” Cosoi explained.
“This investigation is another primary example of law enforcement and the private cybersecurity sector working together to shut down illegal online activities and bring those responsible to justice.”
Makinin’s conviction is a significant victory for law enforcement in the fight against cybercrime. Botnet proxy services remain a serious threat because they are used to commit cybercrimes. This development sends a strong message to other cybercriminals that they will be held accountable for their actions sooner or later.