Through Anyproxy, networks were taken down worldwide, large sums of money were stolen, and sensitive data was taken - while the perpetrators remained out of sight. The long-term operation of the service and the millions of euros in damage caused underline the importance of this action in preventing large-scale cyberattacks.
What is a proxy service?
A proxy service acts as an intermediary on the internet and hides the user's real IP address. This makes it appear that the internet traffic is coming from another device, for example, from a router of a Dutch household. Cybercriminals abuse such routers, often outdated devices without security updates (so-called end-of-life equipment), and then offer them for rent via underground marketplaces - exclusively in exchange for anonymous payment in cryptocurrency. This makes it difficult to track down perpetrators.
Although proxy services are not illegal in themselves – many companies use them for privacy protection or access to blocked content – they are also abused by criminals to cover their tracks.
International Investigation
The investigation began after the Amsterdam police discovered that the IP address of a Dutch citizen was being misused for digital fraud. This led to the discovery that cybercriminals accessed outdated routers of legitimate internet connections via Anyproxy, which helped them remain unnoticed.
According to police investigations, Anyproxy was responsible for over 6,000 abused IP addresses, a large number of which were in the United States. The police then decided to cooperate with the FBI under the name ‘Operation Moonlander’.
Dismantling Criminal Infrastructure
The Netherlands has one of the best-connected digital infrastructures in the world. Especially in and around Amsterdam, there are about sixty data centers. These data centers prove to be an important base for illegal practices due to the open nature of the market and lack of oversight on hosting services. Police investigations have shown that part of Anyproxy is hosted in the Netherlands.
On Wednesday, May 7, servers of Anyproxy and other affiliated proxy services were seized and taken offline worldwide. This action marks an important step in the fight against organized cybercrime, dismantling a crucial digital infrastructure of criminals.
Check Yourself – Is Your Router Safe?
It turns out that thousands of old routers worldwide, which no longer receive updates, are being misused as a digital cover for criminal activities such as phishing and ransomware attacks, without the owners knowing. Outdated routers are an attractive target for cybercriminals. It is important to check whether your router is still supported and whether you regularly receive security updates. If you do not receive these, it is time to replace your router. If your router is hacked, it can lead to slower internet, unreliable connections, or even the loss of personal data. Cybercriminals can gain access to your network and infect your devices with malware. Therefore, make sure your router is always up-to-date and well secured.
Check via https://veiliginternetten.nl/doe-je-updates/ if your equipment is vulnerable. Companies can refer to https://www.ncsc.nl/documenten/publicaties/2019/mei/01/zicht-op-risicos-van-legacysystemen.
Need for Stricter Legislation
With this operation, the Netherlands sends a strong signal: our digital infrastructure must not be a safe haven for criminals. To achieve structural effects, better legislation is necessary. A clear call has already been made from the Amsterdam triangle to the cabinet, including for the introduction of a mandatory Know-Your-Customer (KYC) policy and the banning of anonymous cryptocurrency payments.
American Justice
The American justice system has charged three Russians and one Kazakhstani national for their role in the criminal proxy services Anyproxy and 5socks.
For more information, see:
- https://www.justice.gov/usao-ndok/pr/botnet-dismantled-international-operation-russian-and-kazakhstani-administrators
- https://x.com/FBI/status/1920237529204166742?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet
- https://x.com/FBI/status/1920222337653145618?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet