FBI and Dutch police seize and shut down botnet of hacked routers

Tech Crunch - May 9th, 2025

In a major international crackdown, U.S. prosecutors announced the dismantling of a botnet and the indictment of four individuals accused of running it. The operation, dubbed “Operation Moonlander,” involved the FBI, Dutch National Police, and the U.S. Department of Justice. The botnet, allegedly run through the websites Anyproxy and 5Socks, was used to exploit vulnerabilities in thousands of internet-connected devices, primarily routers. These devices were subsequently used to create a network that provided cybercriminals with anonymized internet traffic. The accused individuals, three Russians and a Kazakh national, allegedly made over $46 million by offering this service as a proxy network under the guise of legitimate operations.

The significance of the operation lies in its demonstration of international cooperation in combating cybercrime. By shutting down these services, authorities have disrupted a network used for various malicious activities, including DDoS attacks and financial fraud. The case underscores the risks posed by outdated internet-connected devices and the importance of maintaining cybersecurity measures. The incident also highlights the ongoing challenge of balancing legitimate proxy network use with the potential for abuse, as residential IP addresses can provide anonymity for cybercriminal activities. The operation’s success serves as a warning to similar networks and emphasizes the need for vigilance in the cybersecurity landscape.

Indictment Fbi Department Of Justice Cybercrime Operation Moonlander Dutch National Police Anyproxy 5 Socks Botnet Proxies Alexey Viktorovich Chertkov Kirill Vladimirovich Morozov Aleksandr Aleksandrovich Shishkin Dmitriy Rubtsov

Story submitted by Fairstory

RATING

7.6

Fair Story

Consider it well-founded

The news story provides a comprehensive and timely account of a significant law enforcement operation against a botnet, supported by credible sources and detailed information. It successfully highlights the public interest in cybersecurity issues and the impact of cybercrime on global internet security. However, the story would benefit from greater balance by including perspectives from the accused individuals and more transparency regarding the methodologies used by cybersecurity firms. The article is well-structured and clear, although it could improve engagement by incorporating visual elements and explanations for technical terms. Despite these areas for improvement, the story effectively informs readers about the complexities and implications of cybercrime and law enforcement efforts.

Accuracy

The story presents a detailed account of a law enforcement operation that led to the shutdown of two services accused of running a botnet. The claims about the involvement of international law enforcement agencies, the indictment of specific individuals, and the financial gains from the botnet are well-supported by details such as the names of the accused and the operation's code name, "Operation Moonlander." The article references an indictment and a press release from the Department of Justice, which are authoritative sources. However, the story would benefit from direct quotes or confirmations from these agencies to strengthen its accuracy further. Additionally, while the article mentions the involvement of cybersecurity firms like Black Lotus Labs, it does not provide detailed evidence or reports from these firms to verify the botnet's operations and global reach.

Balance

The article provides a balanced view by including information from both law enforcement and cybersecurity experts. It details the alleged criminal activities and the technical aspects of the botnet, offering a comprehensive picture of the situation. However, the story does not present perspectives from the accused individuals or their legal representatives, which could provide additional context or counterarguments. Including these perspectives would enhance the balance by ensuring that all sides of the story are represented.

Clarity

The article is generally clear and well-structured, with a logical flow of information that guides the reader through the events leading to the shutdown of the botnet. The use of specific names, dates, and technical terms is appropriate and aids in comprehension. However, the article could benefit from a brief explanation of technical jargon, such as "password spraying" and "DDoS attacks," to ensure that readers without a cybersecurity background can fully understand the content.

Source quality

The sources cited in the article, such as the Department of Justice and Black Lotus Labs, are credible and authoritative in the fields of law enforcement and cybersecurity, respectively. These sources lend significant weight to the claims made in the story. However, the article could improve its source quality by including direct statements or interviews from these organizations, which would provide firsthand information and reduce reliance on secondary reporting.

Transparency

The article is transparent in its reporting by naming the law enforcement agencies involved and detailing the charges against the accused individuals. It also discloses the involvement of cybersecurity firms in tracking the proxy networks. However, the story lacks transparency in terms of explaining the methodology used by these firms to identify and track the botnet. Providing more information on how the cybersecurity firms conducted their investigations would enhance transparency and help readers understand the basis of the claims.