Hello and welcome to the Friday, January 30th, 2026 edition of the Sands Inundate Storm Centers Stormcast.

My name is Johannes Ulrich, recording a day from Jacksonville, Florida.

And this episode is brought you by the Sands.edu grad certificate program in cloud security.

Google announced today that it did take down the world's largest residential proxy network.

At least that's what Google is claiming here.

And residential proxy networks have been in the news quite a few times of the last year.

Now, in the past, and I'm talking about sort of 10 years or so ago, when we talked about these

type of proxy networks, what we usually talked about was compromised IoT devices, like in particular

routers were often used. There was a big sort of proxy network that was set up by a large,

more advanced attacker with microtick devices. But in this case, in addition to these

compromised devices, we also now have

criminal organizations that are essentially offering money for volunteers who will install

their proxy.

It's not always clear to these volunteers that what they're doing is actually contributing

to attacks and to illegal activity.

In part, you could also talk about tour here, and just someone setting up a tour exit node is a little bit similar in this sense.

But of course, tour exit nodes are usually publicly known and people can block them.

What really differentiates these residential proxy networks is that they are taking advantage of

average residential IP addresses that are very difficult, if not impossible, to distinguish from

normal traffic. What Google took actually down

here was some domains that this group used in order to advertise and manage their proxy network.

The individual users that set up these proxies, they probably still have these proxies running and that's something

...