Cybercriminals Are Hiding Malicious Web Traffic in Plain Sight

Cybercriminals have been increasingly turning to "residential proxy" services over the past two to three years to disguise malicious web traffic as everyday online activity, according to research presented at the Sleuthcon cybercrime conference. The shift represents a response to law enforcement's growing success in targeting traditional "bulletproof" hosting services, which previously allowed criminals to maintain anonymous web infrastructure.

Residential proxies route traffic through decentralized networks running on consumer devices like old Android phones and low-end laptops, providing real IP addresses assigned to homes and offices. This approach makes malicious activity extremely difficult to detect because it appears to originate from trusted consumer locations rather than suspicious server farms. The technology creates particular challenges when attackers appear to come from the same residential IP ranges as employees of target organizations.

FUD

[sinij]

This narrative is intentionally crafted to justify mass surveillance and mandatory backdoors in cryptography.

Re: FUD

[ihavesaxwithcollies]

No different than saying were only going after the bad illegal immigrants. Anyone with half of a brain knew that was a lie. Even if they are not bad, they will still try to rig the system and charges against them. Sidenote: to trumpers all non whites are bad. Look at the Maryland citizen that was illegally deported, the charges filed against him are so utterly ridiculous, the federal prosecutor resigned rather than be apart of bondis perverted and morally repugnant right wing justice

Re:

[JustAnotherOldGuy]

Let's be real: to trumpers, all immigrants are bad. Trump himself has said so.

Re:

[ihavesaxwithcollies]

To trumpers any court order should be ignored and only what trump does is law.

Re:

[KGIII]

I confess, AC, I don't even know who voted their comment up.

I did note the 'increasingly' bit in the summary. That's because, as you know, this isn't new. Malicious actors have been doing this for a long time. They use these IPs for things like spamming, DDoS attacks, hiding traditional hacking at scale, and things like that.

They're just doing this more often because finding reliable hosts to provide them with compromised addresses. Then again, those hosts were already using hacked residential IP addresses.

Re:

[sinij]

If the main point was about insecure consumer networking equipment then the article would have prominently mentioned that and recommended liability and mandatory certification as a solution. Instead it spoke about proxies, IP addresses, and residential traffic. They are crafting this FUD to justify further domestic monitoring, crackdown on VPNs, and possibly mandatory backdoors. They are using cybercriminals as a pretext, as the stated problem is nothing new.

:Look up webscraping...

[will4]

Refer:
- Reddit - r:/webscraping
- https://www.reddit.com/r/websc... [reddit.com]
- What are my options for proxies for webscraping?

From 3 years ago....

- Discussion of how to spread a web scraper load out on a larger set of IP addresses

> 1. install tor
> 2. start tor
> 3. use tor as proxy on localhost at port 9150
> https://tor.stackexchange.com/... [stackexchange.com]

Can be Summarized in 3 Words

[kurt_cordial]

Summary, some don't

Steganography

[Viol8]

The ways data can be hidden in plain site are virtually limitless. Obvious ones are using the least significant bit in WAV data, putting space and tab whitespace on the end of lines in plain text etc. The only limitation is the imagination of people who need to do it.

Is it?

[Gravis Zero]

The shift represents a response to law enforcement's growing success in targeting traditional "bulletproof" hosting services

Is that actually a response to law enforcement's growing success or have they simply found that using a bunch of hacked devices that companies have abandoned is a better option?

“The issue is, you cannot technically distinguish which traffic in a node is bad and which traffic is good,”
“That's the magic of a proxy service—you cannot tell who’s who. It's good in terms of internet freedom, but it's super, super tough to analyze what’s happening and identify bad activity.”
“I don’t know yet how we can improve the proxy issue,”

To me, it seems like it has the distinct advantage of being better suited of the purpose and addition to being beyond anyone's reach. Law enforcement may not even be a real consideration here.

Re:

[allo]

Most are hacked servers. Do you run a webserver? Let it log when someone tries to use it as a proxy. There are A LOT of bots that try that. Have a look where the spam comes from. Almost all comes from addresses like info@webshop-foo, which are obviously just accounts on legitimate servers that were hacked because someone had a weak password. The internet is full of bots that do nothing but test if someone uses a weak password to either start spamming from their mail address, use their open proxy, or install

News flash, subtext

[0xG]

Wited discovers VPNs and Tor routing.
Subtext: only 'cybercriminals' (child molesters!) use them.

Re:

[Halo1]

AI scrapers use these residential proxies. It's not (just) VPNs and Tor routing. Several bottom-feeding companies openly advertise such scraping services, for pretty much any country you may want [scraperapi.com]. I administer a wiki that's been on the receiving end of such scraping, and the majority of these scraping requests are in fact coming from residential IP-addresses rather than data centers.

I don't know whether these are hacked accounts, people getting tricked or paid to run these scraping apps on their devices, bu