911 Proxy Service Implodes After Disclosing Breach
The 911 service as it existed until July 28, 2022.
911[.]re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of the company's business operations. The abrupt shutdown comes ten days after KrebsOnSecurity published an in-depth look at 911 and its connections to shady pay-per-install affiliate programs that secretly bundled 911's proxy software with other titles, including "free" utilities and pirated software.
911[.]re was one of the original "residential proxy" networks, which let someone rent a residential IP address to use as a relay for his/her Internet communications, providing anonymity and the benefit of being perceived as an individual user who surfs the web.
Residential proxy services are often marketed to people seeking the ability to avoid country-specific blocking by the major movie and media streaming providers. But some of them – like 911 – build their networks in part by offering "free VPN" or "free proxy" services powered by software that turns the user's PC into a traffic relay for other users. In this scenario, users can actually use a free VPN service, but they are often unaware that it will turn their computer into a proxy that lets others use their Internet address to shop online.
From a website's perspective, the IP traffic of a private proxy network user appears to originate from the rented residential IP address, not from the proxy service client. These services can be used legitimately for several business purposes – such as price comparisons or sales intelligence – but they are massively misused to hide cybercrime because they can make it difficult to trace malicious traffic to its original source.
As noted in KrebsOnSecurity's July 19 story about 911, the proxy service operated several pay-per-install schemes that paid affiliates to covertly bundle the proxy software with other software, generating a constant stream of new proxies for the service.
A cached copy of flashupdate[.]net around 2016, which shows it was the website of a pay-per-install affiliate program that incentivized the silent installation of 911's proxy software.
Within hours of that story, 911 posted a message at the top of its page saying, "We are reviewing our network and adding a number of security measures to prevent misuse of our services. Proxy balance top-ups and new user registration are closed. We are reviewing all existing users to ensure that their use is legitimate and [in] compliance with our terms of service."
Upon this announcement, all hell broke loose on various cybercrime forums, with many longtime 911 customers reporting that they were unable to use the service. Others affected by the outage said it appeared 911 was trying to implement some sort of "know your customer" rules – that 911 might just be trying to weed out the customers who were using the service for large amounts of cybercriminal activity.
Then on July 28, the 911 website began redirecting to a message that said, "We regret to inform you that we permanently shut down 911 and all of its services on July 28."
According to 911, the service was hacked in early July and it was discovered that someone was manipulating the balances of a large number of user accounts. 911 said the intruders abused an application programming interface (API) that handles topping up accounts when users make financial deposits with the service.
"Not sure how the hacker got in," the 911 message reads. "Therefore, we immediately shut down the charging system, new user registration and an investigation started."
The farewell message from 911 to its users, posted on the website July 28, 2022.
Regardless of where the intruders came in, 911 said, they also managed to overwrite critical 911[.]re servers, data and backup copies of this data.
"On July 28, a large number of users reported that they were unable to log into the system," the statement continues. "We found that the data on the server was corrupted by the hacker, resulting in the loss of data and backups. Its [sic] confirmed that the recharge system was also hacked in the same way. We were forced to make this difficult decision due to the loss of important data that rendered the service unrecoverable."
Operated largely from China, 911 was a hugely popular service across many cybercrime forums, becoming something like critical infrastructure for that community after two of 911's longtime competitors – malware-based proxy services VIP72 and LuxSocks – closed their doors in the past year.
Now, many on the crime scene who relied on 911 for their operations are wondering aloud if there are any alternatives that match the scale and utility that 911 offered. The consensus seems to be a resounding "no".
I guess we may soon learn more about the security incidents that caused 911 to implode. And perhaps other proxy services will emerge to meet what appears to be a growing demand for such services at the moment, with relatively little supply.
Meanwhile, 911's absence could coincide with a measurable (if only short-lived) reprieve in unwanted traffic to top internet destinations, including banks, retailers and cryptocurrency platforms, as many former customers of the proxy service scramble to make alternative arrangements.
Riley Kilmer, co-founder of the proxy-tracking service Spur.us, said 911's network will be hard to replicate in the short term.
"My speculation is [911's remaining competitors] is going to get a big boost in the short term, but a new player will eventually come along," Kilmer said. "None of these are good replacements for LuxSocks or 911. However, they will all allow anyone to use them. For fraud rates, the attempts will go on, but through these replacement services, which should be easier to monitor and stop. 911 had some very clean IP addresses."
911 wasn't the only major proxy provider to disclose a breach this week linked to unauthorized APIs: On July 28, KrebsOnSecurity reported that internal APIs exposed to the web had leaked the customer database of Microleaves, a proxy service that rotates its customers' IP addresses every five to ten minutes. This investigation found that Microleaves – like 911 – had a long history of using pay-per-install schemes to spread its proxy software.
Source: https://aumag.net/911-proxy-service-implodes-after-disclosure-of-breach-security-cancer/
Posted by: gipsonforideare.blogspot.com
