Back Door to America: How Hackers Exploit Home Devices for Cyberattacks

Nation-state cyberattackers are increasingly using residential proxy networks to mask their traffic, turning everyday electronics into a massive global threat


The discovery of a massive back door into American homes began with a phone call from a top Microsoft security executive to his counterpart at Comcast. The tech giant was investigating a digital break-in linked to a Russian hacking group and needed information on six IP addresses. Following that trail, Comcast investigators discovered that tens of millions of consumer devices had shipped into the U.S. with backdoor software pre-installed, turning them into criminal cloud-computing networks.

These networks, called residential proxy networks, let anyone who pays steer their internet traffic through an outside address, like an Airbnb for internet access. Government and industry officials say they have ballooned in scale and risk in recent years, with an estimated 20 million backdoors in the U.S. alone.

Residential proxy networks are now a go-to resource for nation-state hackers, who use them as a conduit to U.S. targets. In April, government agencies from nine countries warned that state-sponsored Chinese hackers were using networks of hacked consumer devices to conduct their operations.

Comcast's investigation began in February 2024 with a phone call to Davis from her counterpart at Microsoft, Igor Tsyganskiy, who wanted to know more about the six Comcast IP addresses. Comcast's investigators eventually discovered that the IP addresses belonged to customers whose devices were on a residential proxy network run by a Chinese provider named IPidea.

IPidea has used sneaky methods to get its software installed on consumer devices, including having it preloaded on video streaming boxes and digital picture frames. The company then rents out access to the devices where its software is installed, so that its customers can bounce their internet traffic through a different home network.

As Comcast engineers pulled on the threads, they realized that these six IP addresses were part of a massive network of about 750,000 IP addresses located in homes and businesses. Comcast engineers had known that internet-connected devices were vulnerable to cyberattacks, but here was something different. It was a back door into America, operating at an industrial scale.