
Google has successfully disrupted a network that allowed bad actors to route internet traffic through consumer devices worldwide, enabling them to conceal illicit activities.
The network, which hijacked IP addresses owned by internet service providers serving residential and small business customers, made it harder for network defenders to identify and block malicious operations, according to a blog post from the Google Threat Intelligence Group (GTIG) on Wednesday, Jan. 28.
To take down the IPIDEA proxy network, Google employed multiple measures: taking legal action to remove domains linked to the network; sharing technical intelligence on IPIDEA’s software development kits (SDKs) and proxy software with platform providers, law enforcement, and research organizations; and ensuring that Android’s built-in security, Google Play Protect, warns users and removes apps known to contain IPIDEA’s SDKs.
“We believe our actions have caused significant degradation of IPIDEA’s proxy network and business operations, reducing the available pool of devices for the proxy operators by millions,” GTIG said in the post. “Because proxy operators share pools of devices using reseller agreements, we believe these actions may have downstream impact across affiliated entities.”
While GTIG believes that IPIDEA, one of the largest threats in this sector, has been disrupted, the residential proxy industry continues to expand rapidly.
The group emphasized that the risks posed by this sector can be mitigated through several measures: raising consumer awareness about apps that offer payment for “unused bandwidth” or “sharing your internet”; encouraging users to rely on official app stores; requiring residential proxy providers to provide auditable proof of user consent; urging app developers to vet any monetization SDKs they integrate; and promoting intelligence sharing and best practices among technology platforms to detect and counter illicit proxy networks.




