International Law Enforcement Dismantles SocksEscort Proxy Network in Cryptocurrency Fraud Crackdown
Authorities confiscated 34 internet domains, 23 servers and secured $3.5 million in cryptocurrency assets connected to SocksEscort, a malicious proxy operation that compromised 369,000 devices worldwide.

American and European law enforcement officials announced on Thursday that they successfully dismantled SocksEscort, a malicious proxy network utilized by criminal actors to conceal their identities during fraudulent activities, including the unauthorized takeover of cryptocurrency accounts.
According to the DOJ, the criminal service had infiltrated a minimum of 369,000 routers and various internet-enabled devices located across 163 nations, providing cybercriminals with access to proxy systems that masked their actual IP addresses.
Since 2020, the illicit platform has allegedly facilitated various criminal activities, including financial institution fraud and unauthorized cryptocurrency account access. Prosecutors highlighted one particular incident where a victim based in New York suffered losses of approximately $1 million in digital currency.
Law enforcement officials reported the confiscation of 34 domain names, the disruption of approximately two dozen servers located in seven different countries, and the freezing of approximately $3.5 million in cryptocurrency assets tied to the criminal enterprise.
The network received at least $5.7 million from users
According to a statement released by Europol, customers gained access to the proxy network through a payment platform that let them pay in cryptocurrency and so acquire the service without revealing their identities.
Law enforcement investigators calculated that SocksEscort collected no less than 5 million euros ($5.7 million) in payments from its customer base.
"Proxy services like 'SocksEscort' provide criminals with the digital cover they need to launch attacks, distribute illegal content and evade detection," said Europol Executive Director Catherine De Bolle.
"Operations like this show that when investigators connect the dots internationally, the infrastructure behind cybercrime can be exposed and shut down," she added.
The operation involved agencies from multiple countries
The shutdown represented a synchronized international collaboration that brought together law enforcement organizations from Austria, France, the Netherlands, Germany, Hungary, Romania and the US.
Among the American agencies that participated were the FBI Sacramento Field Office, the Department of Defense Office of Inspector General's Defense Criminal Investigative Service, and IRS Criminal Investigation Oakland Field Office. Both Europol and Eurojust contributed investigative and operational assistance for the international operation.
The DOJ additionally recognized the contribution of Black Lotus Labs, the threat intelligence division of the US telecommunications corporation Lumen Technologies, and the nonprofit organization Shadowserver Foundation, both of which supplied technical intelligence throughout the investigation.
Based on reporting from The Hacker News, SocksEscort operated using malware identified as AVrecon, the specifics of which were made publicly available by Black Lotus Labs in July 2023.