In a large-scale international investigation, the Amsterdam police, led by the Public Prosecution Service, and the American FBI have taken down the criminal proxy service Anyproxy. This service had been used by cybercriminals since 2004 to anonymously commit criminal acts, including phishing, ransomware attacks and data theft.
Moonlander seizure notice posted by the U.S. Attorney’s Office for the Northern District of Oklahoma, the FBI, and Dutch National Police.
Anyproxy has been used to shut down networks worldwide, steal large sums of money and steal sensitive data – while the perpetrators have remained out of sight. The longevity of the service and the millions of euros in damage it has caused underscore the importance of this action in preventing large-scale cyberattacks.
What is a proxy service?
A proxy service acts as an intermediary on the internet and hides the user’s real IP address. This makes the internet traffic appear to come from another device, for example a router in a Dutch household. Cybercriminals abuse these types of routers, often outdated devices without security updates (so-called “end-of-life” equipment), and then offer them for rent via underground marketplaces – only in exchange for anonymous payment in cryptocurrency. This makes it difficult to track down perpetrators.
While proxy services themselves are not illegal – many companies use them for privacy protection or access to blocked content – they are also abused by criminals to cover their tracks.
International investigation
The investigation began after the Amsterdam police discovered that a Dutch citizen’s IP address was being misused for digital fraud. This led to the discovery that cybercriminals were gaining access to outdated routers of legitimate internet connections via Anyproxy, which helped them remain undetected.
Anyproxy was responsible for over 6,000 abused IP addresses, many of which were in the United States, according to police investigations. The police then decided to collaborate with the FBI under the name ‘Operation Moonlander’.
Dismantling criminal infrastructure
The Netherlands has one of the best-connected digital infrastructures in the world. In and around Amsterdam in particular, there are about sixty data centers. Due to the open nature of the market and the lack of supervision of hosting services, these data centers appear to be an important base for illegal practices. The police investigation has shown that part of Anyproxy is hosted in the Netherlands.
On Wednesday, May 7, servers of Anyproxy and other affiliated proxy services were seized and taken offline worldwide. This action marks a major step in the fight against organized cybercrime, dismantling a crucial digital infrastructure of criminals.
Do the check yourself – is your router safe?
It turns out that thousands of old routers worldwide that no longer receive updates are being abused without their owners’ knowledge as digital cover for criminal activities such as phishing and ransomware attacks. Outdated routers are an attractive target for cybercriminals. It is important to check whether your router is still supported and whether you receive regular security updates. If you do not receive them, it is time to replace your router. If your router is hacked, this can lead to slower internet, unreliable connections or even the loss of personal data. Cybercriminals can gain access to your network and infect your devices with malware. So make sure that your router is always up to date and well secured.
With this operation, the Netherlands is sending a strong signal: our digital infrastructure must not be a safe haven for criminals. Better legislation is necessary to achieve a structural effect. The Amsterdam Triangle has already made a clear appeal to the cabinet, including for the introduction of a mandatory Know-Your-Customer (KYC) policy and the banning of anonymous crypto payments.
American Justice
The US Department of Justice has charged three Russians and a Kazakh national for their roles in the criminal proxy services Anyproxy and 5socks.