Shachar Daniel

FBI investigation into Alarum sparks stock rout and service suspension

Israeli internet technology company temporarily halts parts of its network as U.S. authorities probe its residential proxy business.

Israeli technology company Alarum has become the focus of an FBI investigation that triggered a dramatic collapse in its share price on both Nasdaq and the Tel Aviv Stock Exchange and prompted the company to suspend part of its operations.
The U.S. Federal Bureau of Investigation is examining whether NetNut, an Alarum subsidiary, played a role in connecting customers' home internet devices, without their consent, to a residential proxy network that could be used to disguise users' locations, according to documents reviewed by Bloomberg and people familiar with the matter.
1 View gallery
שחר דניאל מנכל סייפטי
שחר דניאל מנכל סייפטי
Shachar Daniel
(company website)
Alarum's shares plunged 71.3% on the Tel Aviv Stock Exchange on Friday, leaving the company with a market capitalization of NIS 50.7 million, while its shares also fell sharply on Nasdaq during regular and after-hours trading. Alarum provides organizations with internet access and web data collection services, operates without a controlling shareholder, and is led by CEO Shachar Daniel.
The investigation centers on residential proxies, services that route internet traffic through home broadband connections in different parts of the world, allowing users to appear as though they are browsing from another country. For example, someone in Israel could appear to be accessing the internet from a residential connection in the United States.
Residential proxy networks have legitimate commercial uses, including allowing businesses to verify how websites appear in different countries or collect publicly available online data. Consumers also use them to access region-restricted online content. However, cybersecurity experts and internet service providers have long warned that such networks can also be used to conceal criminal activity, including fraud, illegal purchases, and cyberattacks. Unlike VPNs, which route traffic through dedicated servers, residential proxy services send traffic through the internet connections of ordinary users.
According to Bloomberg, FBI agents have spent more than a year investigating possible links between NetNut, which sells access to residential proxy networks, and software known as Popa, which investigators believe can be used to compromise users' devices.
On Thursday, Alarum disclosed that it and NetNut had been notified that the FBI had seized certain domains associated with NetNut. A day later, the company warned that the seizure had disrupted parts of its services and said that if those disruptions continue, they could have a material adverse effect on its operations, financial results, and ability to provide services to customers.
On Sunday morning, Alarum announced that, as a precautionary measure, it had decided to temporarily suspend data traffic across the affected network services for several days.
According to the company, the suspension is intended to allow it to investigate the incident, assess the affected infrastructure, determine whether any malicious activity occurred, and implement any corrective measures before restoring normal operations. Alarum said it believes the temporary shutdown is the most responsible course of action while the investigation continues.
As a result, the availability of some of the company's services is expected to be significantly reduced during the suspension period. Alarum added that it has allocated substantial technological and operational resources to the investigation and recovery process and is working to restore normal operations as quickly as possible.
Residential proxy networks operate using software installed on everyday devices such as laptops, smartphones, routers, and smart TV set-top boxes. In some cases, users knowingly install the software in exchange for modest financial compensation. In other cases, according to cybersecurity researchers, devices become part of proxy networks without their owners' knowledge.
"I think of residential proxies as thousands of anonymous strangers sneaking into your home to gain unrestricted access to the internet," said Craig Labovitz, chief technology officer of Nokia Deepfield's cybersecurity platform. "Most users may not even notice the uninvited internet proxy tenants until the police show up at their door investigating a cybercrime originating from their home."
Labovitz added that "hundreds of millions of homes around the world have devices running proxy networks, and the vast majority of them do so without their owners' knowledge."
He said that while it is difficult to determine the exact nature of activity conducted through these networks, the majority of observed traffic appears to be malicious.
According to analyses published last month by cybersecurity firms Synthient and Qurium, Popa can be used to recruit devices into proxy networks without their owners' consent. Bloomberg reported that the software has been found on Android-based devices worldwide, particularly smart TV set-top boxes.
Bloomberg also cited reports by Synthient and Qurium identifying what they described as technical and operational overlaps between NetNut and Popa. Another cybersecurity firm, Spur, alleged that NetNut requires relatively limited customer verification and provides access to networks that include users who did not knowingly consent to participate.
Alarum previously told KrebsOnSecurity that the Synthient and Qurium reports contained demonstrably inaccurate claims and flawed conclusions rather than verified facts.
In the same statement, NetNut said it operates a commercial proxy network and has policies, procedures, and technological safeguards designed to promote the legal and responsible use of its services.
The company said it employs notice and consent mechanisms, conducts customer due diligence, monitors for potential abuse, and takes steps to detect and mitigate suspicious or unauthorized activity.
The FBI investigation forms part of a broader effort by U.S. law enforcement agencies to scrutinize residential proxy networks. Internet service providers and cybersecurity companies have warned that such networks have enlisted millions of devices worldwide.
Omer Weiss, Alarum's corporate legal counsel, said in a statement: "Alarum takes this matter seriously and will cooperate fully with law enforcement authorities to ensure that any misuse of its infrastructure is thoroughly investigated, and that those responsible are held accountable."