
Cybercriminals Are Hiding Malicious Web Traffic in Plain Sight (wired.com) 17

Cybercriminals have been increasingly turning to "residential proxy" services over the past two to three years to disguise malicious web traffic as everyday online activity, according to research presented at the Sleuthcon cybercrime conference. The shift represents a response to law enforcement's growing success in targeting traditional "bulletproof" hosting services, which previously allowed criminals to maintain anonymous web infrastructure.

Residential proxies route traffic through decentralized networks running on consumer devices like old Android phones and low-end laptops, providing real IP addresses assigned to homes and offices. This approach makes malicious activity extremely difficult to detect because it appears to originate from trusted consumer locations rather than suspicious server farms. The technology creates particular challenges when attackers appear to come from the same residential IP ranges as employees of target organizations.

  • FUD (Score:5, Insightful)

    by sinij ( 911942 ) on Saturday June 07, 2025 @09:02AM (#65433879)
    This narrative is intentionally crafted to justify mass surveillance and mandatory backdoors in cryptography.
    • Re: FUD (Score:3, Informative)

      No different than saying we're only going after the bad illegal immigrants. Anyone with half of a brain knew that was a lie. Even if they are not bad, they will still try to rig the system and charges against them. Sidenote: to Trumpers all non-whites are bad. Look at the Maryland citizen that was illegally deported, the charges filed against him are so utterly ridiculous, the federal prosecutor resigned rather than be a part of Bondi's perverted and morally repugnant right wing justice
  • Refer:
    - Reddit - r:/webscraping
    - https://www.reddit.com/r/websc... [reddit.com]
    - What are my options for proxies for webscraping?

    From 3 years ago....

    - Discussion of how to spread a web scraper load out on a larger set of IP addresses

    > 1. install tor
    > 2. start tor
    > 3. use tor as proxy on localhost at port 9150
    > https://tor.stackexchange.com/... [stackexchange.com]

  • The ways data can be hidden in plain sight are virtually limitless. Obvious ones are using the least significant bit in WAV data, putting space and tab whitespace on the end of lines in plain text etc. The only limitation is the imagination of people who need to do it.

  • The shift represents a response to law enforcement's growing success in targeting traditional "bulletproof" hosting services

    Is that actually a response to law enforcement's growing success or have they simply found that using a bunch of hacked devices that companies have abandoned is a better option?

    “The issue is, you cannot technically distinguish which traffic in a node is bad and which traffic is good,”
    “That's the magic of a proxy service—you cannot tell who’s who. It's good in terms of internet freedom, but it's super, super tough to analyze what’s happening and identify bad activity.”
    “I don’t know yet how we can improve the proxy issue,”

    To me, it seems like it has the distinct advantage of being better suited to the purpose in addition to being beyond anyone's reach. Law enforcement may not even be a real consideration here.

    • by allo ( 1728082 )

      Most are hacked servers. Do you run a webserver? Let it log when someone tries to use it as a proxy. There are A LOT of bots that try that. Have a look where the spam comes from. Almost all comes from addresses like info@webshop-foo, which are obviously just accounts on legitimate servers that were hacked because someone had a weak password. The internet is full of bots that do nothing but test if someone uses a weak password to either start spamming from their mail address, use their open proxy, or install
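
The logging suggested in the comment above, sketched as an added example (not part of the original comment or of the Slashdot page): a Python scan of combined-format access-log lines for `CONNECT` requests and absolute-URI targets that name a foreign host. The hostnames in `OUR_HOSTS`, the function names and the sample log lines are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Hostnames this server legitimately answers for (assumption for the example).
OUR_HOSTS = {"wiki.example.org", "www.wiki.example.org"}

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def proxy_probe(method, target):
    """Return a reason if the request line looks like an attempt to use this
    server as a forward proxy, else None."""
    if method == "CONNECT":
        # CONNECT host:port asks the server to open a tunnel to another host.
        return f"CONNECT tunnel to {target}"
    if "://" in target:
        # Absolute-form targets are what clients send to a proxy.
        host = (urlsplit(target).hostname or "").lower()
        if host not in OUR_HOSTS:
            return f"absolute-URI request for foreign host {host or '?'}"
    return None

def scan(lines):
    """Return (findings, per_ip_counts); each finding is (ip, status, reason)."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skipped here; count these in production
        reason = proxy_probe(m["method"], m["target"])
        if reason:
            findings.append((m["ip"], int(m["status"]), reason))
    return findings, Counter(ip for ip, _, _ in findings)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [07/Jun/2025:09:02:11 +0000] "GET /index.php?title=Main_Page HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [07/Jun/2025:09:02:15 +0000] "CONNECT mail.example.net:25 HTTP/1.1" 405 226 "-" "-"',
    '198.51.100.23 - - [07/Jun/2025:09:02:16 +0000] "GET http://check.example.com/ip HTTP/1.1" 404 196 "-" "-"',
    '192.0.2.44 - - [07/Jun/2025:09:03:01 +0000] "GET http://wiki.example.org/ HTTP/1.1" 200 5120 "-" "curl/8.5"',
]

if __name__ == "__main__":
    hits, per_ip = scan(SAMPLE)
    for ip, status, reason in hits:
        print(f"{ip} status={status} {reason}")
    print(per_ip.most_common())
```

A finding with a 2xx status is the one to look at first, since it can mean the server answered the foreign request rather than refusing it.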

  • Wired discovers VPNs and Tor routing.
    Subtext: only 'cybercriminals' (child molesters!) use them.

    • by Halo1 ( 136547 )

      AI scrapers use these residential proxies. It's not (just) VPNs and Tor routing. Several bottom-feeding companies openly advertise such scraping services, for pretty much any country you may want [scraperapi.com]. I administer a wiki that's been on the receiving end of such scraping, and the majority of these scraping requests are in fact coming from residential IP-addresses rather than data centers.

      I don't know whether these are hacked accounts, people getting tricked or paid to run these scraping apps on their devices, bu