Dutch Police Took Down a 17-Million-Device Botnet — But the Job Isn't Done
Dutch police and the national cybersecurity agency NCSC dismantled a botnet that had quietly enslaved 17 million devices across 163 countries — routers, smartphones, smart-home gadgets, and more. The operation, carried out on May 28–29, 2026, physically seized around 200 command servers housed in Netherlands data centers. The catch: the Asocks website remained accessible after the takedown, and every infected device is still infected.
What Asocks actually was
Asocks wasn't just a hacking tool — it was a commercial service. Criminals rented access to the botnet's pool of compromised home devices to disguise their activity as ordinary household internet traffic. Security filters rarely flag a request coming from a suburban router, which made the network valuable for phishing campaigns, spam runs, and DDoS attacks. The whole operation came to light after a security researcher spotted unusual proxy-network activity and tipped off the NCSC, per Help Net Security.
A win with an asterisk
Seizing the command servers cuts off the botnet's central nervous system — for now. But it doesn't scrub the malware from the 17 million devices still out there. As Martin Cid Magazine noted, the malware can persist until a new operator takes control of the same devices. No arrests have been announced; the architects of the network remain unidentified. The Asocks site being live after the raid suggests the underlying business infrastructure wasn't fully destroyed.
This follows a familiar pattern. The SocksEscort proxy botnet — dismantled in March 2026 — had compromised 369,000 devices with victims in the US and UK, and the UK NCSC warned in April 2026 that China-linked threat actors increasingly rely on exactly this kind of residential proxy abuse to evade detection.
What you should do right now
The Dutch NCSC's advice is straightforward. Change the default password on your router — most people never do, and factory credentials are the easiest entry point. Enable WPA2 or WPA3 encryption on your Wi-Fi. Apply any pending firmware updates on your router, smart speakers, cameras, and other connected devices. These aren't just good habits; they are the specific defenses that would have prevented many of the 17 million devices from being recruited in the first place.
The takedown is a genuine disruption to the criminals who ran Asocks — rebuilding that kind of infrastructure takes time and money. But until the people behind it face charges, and until millions of device owners clean up their own hardware, calling this a complete victory is premature.
