Russian Hackers Reportedly Hid Behind Americans' Home Networks

Russian military hackers have been hacking high-ranking targets in the United States while using a unique technique to conceal their activities: disguising themselves behind IP addresses that are associated with American homes and mobile networks.

The SolarWinds hackers have returned, in case you didn't notice. Microsoft researchers have revealed that cyber-spies believed to be Russian Foreign Intelligence Service members have been attacking American tech companies with a new hacking campaign. These hackers are alleged to be the same ones behind the SolarWinds hacking campaign, which hacked into the networks of at most nine federal agencies as well as more than 100 U.S.-based companies. This led to multiple congressional hearings.

Bloomberg has released a new report that reveals the method the hackers used to conceal their hacking activities. They deployed residential proxy servers, which allowed them to hide behind Americans' IP addresses.

A residential proxy is essentially a pool of IP addresses that can legally be purchased through specific internet service providers to anonymize online activity. It works in a similar way to a VPN: the proxy masks your true IP address and allows you to conduct your online business anonymously. This seems to be quite a large industry, and these services can be found by searching the internet. It's all legal, it seems.

Bloomberg reports that Russian hackers were able to use Americans' IP addresses to make their online activities less suspicious.

An employee of cybersecurity firm Kentik, Doug Madory, explained to the outlet that residential proxies allow someone to hide their internet traffic by passing it through an unsuspecting user. This makes it appear as though the traffic originated in the U.S.

Although this is fascinating, there is something odd about how pedestrian it is. It would be reasonable to assume that Russian military hackers would use a more complex obfuscation method than anyone else. It turns out that this is not the case.

Regardless of how sophisticated the attack was, it seems that the hackers have been able to keep themselves busy. Microsoft reported that the hacking group attacked 609 customers between July 1st and Oct. 19th, 2012. This is an increase of 22,868 attacks.

This activity shows that Russia seeks to establish long-term, systematic and consistent access to various points in the technology supply chains and create a mechanism for surveillance now and in future targets of interest to Russia, Tom Burt (Microsoft's vice president for privacy and security) stated in a blog post.