U.S. Authorities Dismantle Residential IP Proxy Ring 911 S5 for Illegally Accessing Over 19 Million IP Addresses to Provide VPN Services
Brook.X
Recently, U.S. law enforcement announced the takedown of the illegal residential proxy service 911 S5, which had cumulatively infiltrated more than 19 million IP addresses (and their associated devices), controlling over 120,000 active IP addresses to offer VPN services.
Residential IP proxy services are a common type of network service, existing primarily for security purposes and to circumvent platform restrictions against server IP access.
For instance, e-commerce websites like Amazon may ban or demote server IPs, leading some e-commerce businesses involved in Amazon sales to use U.S. residential IP proxy services for access. These IP addresses are relatively "clean" and less likely to be banned.
With demand comes supply, hence the market has seen various residential IP proxy services, essentially offering VPN services that allow users to connect to devices associated with residential IPs, thereby forwarding all traffic.
However, the demand from e-commerce sellers is minimal. The primary users of residential IP proxies are hackers and fraud rings, who use these services to mask their real IP addresses.
Massive Botnet:
In a sense, no residential IP proxy service is clean because amassing a vast number of IP addresses and associated devices is incredibly difficult, usually involving illegal intrusions.
For example, 911 S5's underlying ring controlled a massive botnet. Infected devices connected to the hackers' servers via malicious software, which, when users purchased the residential IP proxy service, would respond to commands to redirect traffic through these servers.
This ring's control extended far beyond the U.S. market, with "zombies" in various countries worldwide, providing residential IP addresses for unlawful activities. This global reach explains why U.S. authorities reported that 911 S5 had infiltrated devices associated with as many as 19 million IP addresses.
IP Addresses Used for Illegal Activities:
Clearly, the use of residential IP proxy services extends far beyond e-commerce sellers. This type of VPN service, which hides the real IP address, is actively sought after by various hackers and fraud rings.
Investigations also revealed fraud rings using 911 S5's residential IP proxies to apply for certain U.S. relief programs, causing losses of billions of dollars to the U.S. government, making the crackdown inevitable.
However, like most botnets, even though they have been dismantled, they may quickly resurge. 911 S5 had previously collapsed in 2022 but revived a few months later.
