IPStorm Botnet Dismantled; Creator Pleads Guilty

IPStorm Botnet Dismantled by Law Enforcement; Creator Faces Prison Time

The U.S. Department of Justice has announced that the FBI has dismantled the IPStorm proxy botnet network and its infrastructure. The botnet’s creator, Sergey Makinin, a citizen of Russia and Moldova, previously pleaded guilty to three charges and now faces up to 10 years in prison for each count.

Background and Evolution of IPStorm

IPStorm was first detected by cybersecurity experts at Anomali in June 2019, initially targeting only Windows machines. At that time, the botnet consisted of about 3,000 infected systems. Researchers noted several unique features specific to IPStorm. The malware’s full name, InterPlanetary Storm, is derived from the InterPlanetary File System (IPFS), a peer-to-peer protocol the malware used to communicate with infected devices and transmit commands.

Over time, IPStorm evolved to attack devices running Android, macOS, and Linux, including IoT devices. This allowed hackers and cybercriminals to anonymously route malicious traffic through compromised devices worldwide. According to law enforcement, victims of IPStorm unknowingly became accomplices to cybercriminal activities and were at risk of receiving even more dangerous payloads at any time.

Commercialization and Operation

IPStorm was promoted through the websites proxx.io and proxx.net, advertised as a service offering more than 23,000 anonymous proxy servers globally.

“According to court documents, from at least June 2019 to December 2022, Makinin developed and distributed malware to hack thousands of internet-connected devices worldwide, including in Puerto Rico,” the DOJ statement reads. “The main goal of the botnet was to turn infected devices into proxy servers as part of a commercial scheme, providing access to these proxies through Makinin’s websites, proxx.io and proxx.net.”

Legal Proceedings and Profits

In court, Makinin admitted to creating the botnet in 2019 and earning at least $550,000 from selling access to his proxy services. He also agreed to forfeit cryptocurrency obtained through his crimes. Each of the three charges carries a potential sentence of up to 10 years in prison.

Technical Details and International Cooperation

Technical details about IPStorm and its various versions can be found in a report, originally published in October 2020, by Intezer, a company that assisted the FBI in gathering information.

The investigation into IPStorm’s activities involved law enforcement agencies from several countries, including Spain’s National Police, the Dominican Republic’s Department for Combating International Organized Crime, and specialists from the country’s Ministry of Internal Affairs and Police.
