An almost 2-month-old article. I was struck that the FBI managed to do something. Although there were many other agencies involved, so who knows what the FBI contributed, if much at all.
full text
Operation Lightning takes down SocksEscort proxy network blamed for tens of millions in fraud
Jessica Lyons
Thu 12 Mar 2026
Cops from eight countries this week disrupted SocksEscort, a residential proxy service used by criminals to compromise hundreds of thousands of routers worldwide and carry out digital fraud, costing businesses and consumers millions.
"SocksEscort is responsible for tens of millions of dollars in losses due to activity such as ransomware, ad fraud, account takeovers, identity theft, business email compromises, romance scams, and password spraying, among many others," FBI Deputy Assistant Director Jason Bilnoski told The Register in an exclusive interview.
On Wednesday, the FBI and law enforcement agencies from Austria, France, and the Netherlands seized 34 domains and 23 servers across seven countries as part of Operation Lightning. The US also froze about $3.5 million in cryptocurrency linked to SocksEscort. Private-sector organizations - Lumen's Black Lotus Labs and the Shadowserver Foundation - participated in the takedown.
"The servers that we seized through our law enforcement operation will most definitely lead us to additional evidence that will allow us to pursue further criminal activity," Bilnoski said, adding that the FBI and friends continue to investigate downstream criminals who used SocksEscort's proxy network. "We know the customer base of SocksEscort had approximately 124,000 users."
These types of proxy services hack residential routers and small business devices, and then sell access to the compromised machines for large-scale fraud and digital crimes.
Using compromised routers allows miscreants to mask their true online location - and their criminal activities - by making it appear to originate from a legitimate home or small-business user.
SocksEscort infected home and small business internet routers with a botnet called AVRecon. The malware allows criminals to remotely control the infected device, and direct internet traffic through the compromised routers.
Since the summer of 2020, SocksEscort has sold access to about 369,000 different IP addresses, according to the US Justice Department. As of last month, the criminal network listed access to about 8,000 infected routers to its customers; 2,500 of those were in the US.
Some of the victims include a customer of a cryptocurrency exchange who lived in New York and was defrauded of $1 million worth of cryptocurrency, a Pennsylvania manufacturing business defrauded of $700,000, and current and former US service members with Military Star cards who were defrauded out of $100,000.
Lumen's Black Lotus Labs in 2023 called AVRecon "one of the largest botnets targeting small-office/home-office (SOHO) routers seen in recent history."
"The proliferation of these illicit residential proxies in recent years such as SocksEscort represent a formidable challenge for our government and private-sector partners," Bilnoski said. "Operations such as this one have a widespread and positive impact on the financial institutions, internet service providers, as well as individuals and small businesses."
To combat ongoing cyberthreats such as proxy services, the FBI last month launched Operation Winter Shield with 10 key defensive measures that organizations can take to improve their security posture. One of these - track and retire end-of-life tech on a defined schedule - is especially important to mitigate the risk of outdated routers being turned into residential proxy networks.
Having lived/worked in different environments with more homogeneous or heterogeneous cultural makeup, a lot of this depends on everyone having the same expectation. One reason why places like the US have less (I think) is just that people are aware they can't predict anyone else's expectations or reactions. Anybody who comes from a culture of bribe or gift giving will soon get embarrassed when they attempt to do things in the normal way and the intended recipient reacts surprised, offended, maybe even reports them for bad behavior! But within these communities, bribes or gifts may still be expected if they can be done without attracting attention.
People give gifts of objects and consumables in addition to cash. And if the recipient is acculturated to it, these are warmly appreciated and do result in better treatment in the future. For example, my friend works as an admin who controls access to stuff, and the people who bring treats (especially from the preferred bakery, or quality homemade) get the high preference. She can tell me about 10 years ago when this person brought a wonderful pie or something and has been forever blessed. A different person, different culture, might consider it rude for a stranger to bring food to them.
You might think, a pie is one thing, who cares about a pie. But sometimes there is jewelry, or free services at client businesses, gift cards, borrow the vacation home for the weekend, etc. There is no reason to expect cash would never be involved.
Another thing that isn't quite a bribe but is barely hidden is when the person has some sort of charity/church or side business you can donate to or patronize. Like if I also paint nails, I tell people about it at work and it can become known that whoever gets me to do their nails (and tips well) will get the most help. Or if you are contacting is, it'll help if you get some ancillary service or supplies from this business my family runs. Otherwise you might find yourself at the bottom of the list forever...
I think to some extent this is natural and human. See Debt by David Graeber. But the problem is, where is the line and how to enforce it. I wouldn't mind living in a world of small token gifts to acknowledge the value of other people. This is how some people adapt. I know someone who has many clients from a culture where it is mandatory to bring substantial gifts when obtaining the service he provides. My friend finds this unseemly and icky. There has arisen agreement that he will graciously accept cheap token gifts from his customers, a small fraction of the monetary value they want to give. But it still lets the ritual of gift giving be preserved.