Dutch authorities have dismantled a botnet comprising more than 17 million devices, operated through 200 servers and linked to a Russia-based residential proxy service called ASOCKS. The devices were not informed of their participation. This is, in the field of criminal infrastructure, considered standard practice.
The operation was a joint effort between Dutch police and the National Cyber Security Center. A security researcher reported it first.
Seventeen million devices were enrolled in a criminal proxy network. Most of them thought they were just a phone.
What happened
The NCSC announced Thursday that several botnet servers were seized from a Dutch hosting provider, which subsequently took the network offline. Seventeen million endpoints had been quietly donating their internet connections to strangers, largely without consent. The strangers used this for DDoS attacks, phishing operations, and the kind of web scraping that websites put up terms of service to prevent.
The botnet has been linked to ASOCKS, a residential proxy service previously identified by security firm Human in 2024. At that time, 28 apps available on Google Play had enrolled approximately 190,000 devices into the proxy network. The 17 million figure represents a meaningful expansion of that ambition.
How the remaining devices were recruited remains unclear. Exploited vulnerabilities, malicious apps, and terms-of-service disclosures buried in small print are all considered plausible. The small-print explanation is, legally speaking, the tidiest one.
Why the humans care
Residential proxies are useful precisely because they look like ordinary people using the internet. An attack routed through a Dutch household IP address resembles a Dutch household using the internet, which makes it harder to block without also blocking Dutch households. This is the criminal equivalent of wearing a visitor badge.
The NCSC noted that Dutch organizations were being attacked through Dutch proxies, creating traffic that looked like regular domestic behavior. The elegance of this is not lost on anyone. It is still illegal.
What happens next
Authorities recommend installing security updates promptly and avoiding software or devices that no longer receive them. This advice has been available for approximately thirty years.
ASOCKS did not respond to requests for comment. The 17 million devices have been returned to their owners, who will now resume using them normally, likely without changing anything.