Google Disrupts NetNut Residential Proxy Network
Google's Threat Intelligence Group (GTIG) has significantly disrupted NetNut, a large residential proxy network that utilizes home devices as relays for internet traffic. Working in conjunction with the FBI and Lumen, GTIG announced this week that its actions have reduced the network's pool of usable devices by millions. NetNut, also identified as Popa, is described as a network distributed across residential internet connections, enabling users to route their internet traffic through compromised or voluntarily shared home devices.
This operation targeted the infrastructure that facilitates the operation of residential proxy services, which are often used for a variety of purposes, including web scraping, market research, and advertising verification. However, these networks can also be exploited for malicious activities such as credential stuffing, fraud, and the distribution of malware. Google's GTIG stated that the degradation of NetNut's network is a critical step in disrupting the ecosystem that supports such illicit online activities.
The specific methods employed by Google to degrade the network were not fully disclosed, but the company indicated that the effort involved identifying and blocking the command-and-control servers and the devices participating in the NetNut network. The scale of the disruption is substantial, impacting a network that reportedly spanned millions of home devices. This action underscores the ongoing efforts by cybersecurity firms and law enforcement agencies to combat the misuse of compromised internet infrastructure.
NetNut's business model involves providing access to a large pool of IP addresses originating from residential networks, offering a seemingly legitimate way to bypass geo-restrictions or avoid detection during automated web requests. The disruption by Google, in collaboration with partners like the FBI and Lumen, highlights the vulnerability of such networks to coordinated takedowns and the potential risks associated with participating in or utilizing these services. The long-term impact on NetNut's operations and the broader residential proxy market remains to be seen.
Original source — read the full reporting at the publisher:
Read on The Hacker News