New research finds more than 20 million U.S. Internet connections are being exploited to enable fraud, cyberattacks, and national security threats.

WASHINGTON, June 25, 2026 /PRNewswire/ — The Digital Citizens Alliance today announced the launch of a consumer awareness campaign to protect American households from cybercriminals and foreign threat actors looking to hijack U.S. Internet connections to commit a wide range of criminal and other illicit activities.

The campaign is born from Digital Citizens’ research released today, Cybercrime by Doorbell: How Illicit Actors “Borrow” the Internet Connections of Millions of Americans for Profit and Harm. The report details how devices such as smart doorbells, streaming boxes, routers, and free Virtual Private Network (VPN) applications are used by illicit actors to route malicious online activity through American households. An estimated 20 million U.S. Internet Protocol (IP) connections are exposed to exploitation after users give illicit actors access to them, often unknowingly.

Researchers purchased popular Android streaming boxes, including the VSeeBox V5 Pro sold through Walmart’s online marketplace. They discovered that the devices immediately connected to servers in China, transmitted device information, and accepted remote commands capable of installing or removing software.

Cybercriminals and foreign adversaries exploit these networks because traffic originating from a legitimate American household appears trustworthy to websites, banks, and security systems. That allows illicit actors to avoid detection while carrying out attacks that may ultimately be traced back to innocent consumers. U.S. intelligence and cybersecurity officials are increasingly concerned that nation-state actors are using residential Internet connections to target American critical infrastructure, like the China-linked “Volt Typhoon” operations that used compromised residential routers and devices to mask attacks against U.S. infrastructure systems.

These devices are often hijacked after an American user downloads free apps, connects piracy devices to their home network, or gives companies access to their excess bandwidth for payment. Once exploited, these IP connections can be used to facilitate fraud, credential theft, cyberattacks, child exploitation, and state-sponsored espionage.

“There is growing awareness in the technical and business communities about how IP connections are hijacked and exploited, but most American consumers are unaware of how more than 2 billion Internet-connected devices in their homes can be exploited,” said Tom Galvin, executive director of DCA. “When residential IP connections are hijacked, it enables illicit actors to disguise their real location and identity to commit crimes, putting Americans’ Internet security at risk. Americans need to know the risks to protect themselves.”

Yet, many Americans are unaware of how many Internet-connected devices are in their homes and the risks posed by activities such as downloading free apps from the Internet or connecting piracy devices to their home network, according to a June Digital Citizens research survey of 1,005 Americans. While a typical U.S. home has roughly 17 Internet-connected devices, more than half of Americans think they have 10 or fewer in their home.

And there is a troubling correlation between risky behaviors and Americans’ reports of cybersecurity issues. According to the survey, Americans who said they downloaded free apps – such as VPNs or other services – were 15 times more likely to be warned by their Internet service provider about suspicious activity on their home network and 3 times more likely to report a breach of financial or personal information. Likewise, Americans who said they connected a so-called piracy device to their home network were twice as likely to report being a victim of malware or having their Internet connection accessed without their permission.

“What makes residential proxy networks so dangerous is that most Americans have no idea their home connection could already be part of this infrastructure,” said Cory Wolff, director, Armada Proactive Services at risk3sixty. “The vast majority of internet connections used in these residential proxy networks carry extremely high fraud scores tied to criminal activity, yet it’s the consumer who ends up blacklisted or flagged when enforcement comes knocking.”

Consumer Awareness Campaign

The Digital Citizens’ awareness campaign includes:

• Public service announcements explaining how common consumer behaviors—such as downloading free apps or using unauthorized streaming devices—can expose home Internet connections to cybercriminals. Behaviors to avoid include the use of streaming devices that claim to provide free sports, TV shows, and movies, as they may contain malware or backdoors that hijack your IP connection. The FBI has specifically warned about cheap, off-brand Android TV boxes.

A social media campaign that:

• Features a video explaining the risks to Americans when their IP connections and Internet devices are hijacked and what to do if they find themselves at risk.
• Advises Americans how to file a complaint with the FBI Internet Crime Complaint Center (IC3) at ic3.gov if they suspect an IP connection or device in their home has been compromised.
• Urges Americans to replace routers or other household devices older than 3 to 5 years. When a hardware device is end of life, the manufacturer no longer sells the product and is not actively supporting the hardware, which means software updates or security patches are no longer released.
• The development of a free cybersecurity app that consumers can rely on to identify if their IP connection has been hijacked.

Key Investigative Findings

• The investigation found that more than an estimated 20 million U.S. IP connections are part of so-called residential proxy networks that allow users to disguise their real location and identity online by routing activity through residential Internet addresses. While originally developed for legitimate business purposes such as ad verification and website testing, these services are also used to facilitate fraud, credential theft, cyberattacks, child exploitation, and state-sponsored espionage.

• Investigators examining IP connections available on residential proxy networks found an average of 85 percent of these connections had indicators of prior fraud or criminal activity. Nearly half of the 26 million residential IP addresses tracked during the investigation appeared across multiple proxy services, increasing the likelihood of repeated exploitation.

• Previous reports have found that residential proxy infrastructure has been used by more than 550 cyber threat groups, including actors linked to Russia, China, Iran, and North Korea. The ecosystem has been tied to billions of dollars in fraud losses, including a $5.9 billion unemployment fraud scheme connected to the 911 S5 botnet operation.

Existing laws and industry standards have not kept pace with the growing threat posed by compromised consumer devices and residential Internet connections. Policymakers, manufacturers, and service providers must work together to strengthen protections for consumers and national security. U.S. laws fail to hold Internet providers and device manufacturers to a standard. There is no international certification for Internet connections, even though they enable state-sponsored attacks against the United States and billions in cybercrime. Given the threats that residential Internet-connected products pose to American interests – consumers, businesses, and national security – it’s time for policymakers to learn what those threats are.

The full report, Cybercrime by Doorbell, is available now.

Adam Benson
adam@vrge.us
Dan Palumbo
dan@vrge.us 

View original content:https://www.prnewswire.com/news-releases/digital-citizens-alliance-launches-national-campaign-to-prevent-hijacking-of-home-internet-devices-by-cybercriminals-and-foreign-threat-actors-302810249.html

SOURCE Digital Citizens Alliance