It is important to know that residential proxy services (RPS) are legal. They can be used legitimately for commercial purposes such as market research. A person or company rents a residential IP address in order to use it as a relay for their Internet communications. The RPS allows them to bypass access controls based on the source IP address (e.g. filtering of VPNs, cloud services, competitors, country access, etc.).
At this point, it becomes very difficult to trace a malicious user back to their origin, since, to the servers visited, the IP traffic appears to come from the leased residential IP address and not from the actual user of the RPS.
By downloading one of these two VPNs, users may fall victim to illicit traffic passing through their own network. As a result, they expose themselves to serious legal problems. Moreover, it opens a door for malicious access to components of their local network (e.g. devices connected to the home Wi-Fi). An infected computer that connects to a corporate network for telecommuting also exposes the resources on that network to malicious access.
VPNs like the ones studied by Prof. Frappier and his team hide behind seemingly normal operation. The most common antivirus programs cannot even detect them. To remedy an infection, various options are available, including simple uninstallation. Some computers appear to be infected even though MaskVPN or DewVPN was never intentionally installed on them. An important indicator of belonging to the 911.re network is the existence of mask_svc.exe or dew_svc.exe processes, which manage proxy communications.
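The process indicator described above can be checked against the output of the Windows `tasklist` command. The following script is an added example, not code from the researchers: the sample process list is constructed, and the function names are assumptions made for illustration.

```python
import csv
import io
import subprocess
import sys

# Process names the article gives as indicators of belonging to the 911.re network.
INDICATOR_PROCESSES = {"mask_svc.exe", "dew_svc.exe"}

def find_indicator_processes(tasklist_csv):
    """Return [(image_name, pid), ...] for indicator processes in tasklist CSV text."""
    hits = []
    for row in csv.reader(io.StringIO(tasklist_csv)):
        # Skip blank lines, the optional header row and malformed rows.
        if len(row) < 2 or not row[1].strip().isdigit():
            continue
        image = row[0].strip()
        # Windows image names are case-insensitive; match the whole name only.
        if image.lower() in INDICATOR_PROCESSES:
            hits.append((image, int(row[1])))
    return hits

# Constructed sample of `tasklist /FO CSV` output (not captured from a real host).
SAMPLE = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Services","0","8 K"
"svchost.exe","1044","Services","0","21,508 K"
"Mask_Svc.exe","4312","Services","0","14,220 K"
"chrome.exe","7780","Console","1","182,944 K"
"dew_svc.exe","5120","Services","0","9,876 K"
'''

def scan_local_host():
    """Run tasklist on the local Windows host and check its output."""
    out = subprocess.run(["tasklist", "/FO", "CSV", "/NH"],
                         capture_output=True, text=True, check=True).stdout
    return find_indicator_processes(out)

if __name__ == "__main__":
    # On Windows, scan the live process list; elsewhere, use the constructed sample.
    if sys.platform == "win32":
        hits = scan_local_host()
    else:
        hits = find_indicator_processes(SAMPLE)
    for image, pid in hits:
        print(f"indicator process {image} running with PID {pid}")
    sys.exit(1 if hits else 0)
```

The script exits with status 1 when an indicator process is found, so it can be run from a scheduled task or an endpoint management tool.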
A concrete contribution to cybersecurity here and elsewhere in the world
The three researchers presented their discovery on June 9 to cybersecurity law enforcement agencies in Canada, the United States, the United Kingdom, Europe and Australia, as well as to representatives of various Internet service providers and the financial industry in Canada and around the world. The researchers would like to thank the CRTC’s Electronic Commerce Enforcement team for organizing this event. The webinar focused on the recruitment process of the 911.re RPS, its communication architecture, its indicators of compromise as well as countermeasures to disable it.
The University of Sherbrooke is at the forefront of cybersecurity development. It trains future cybersecurity specialists. Several study programs are offered in addition to online training and a summer school. Bringing together expertise from various disciplines, the UdeS research teams actively participate in the advancement of knowledge in cybersecurity. They contribute to making Sherbrooke a major hub in this field.
Article from the Université de Sherbrooke news: https://www.usherbrooke.ca/sciences/actualites/nouvelles/details/47866
More information on how it works: https://gric.recherche.usherbrooke.ca/rpaas/