Skip to content

FBI probes Alarum unit over co-opted home devices in location-masking network

FBI investigates Alarum on co-opted home devices
Share this article

The Federal Bureau of Investigation (FBI) is investigating whether NetNut, a subsidiary of Alarum Technologies, helped link home internet devices into a residential proxy network without owner consent. The Department of Justice (DOJ) seized multiple domains as part of the probe. Cybersecurity researchers have identified overlaps between NetNut and Popa software, which can allegedly co-opt devices without the owner’s knowledge.

The probe: Zombie devices and proxy networks

For you to understand better, residential proxy networks route internet traffic through everyday devices (could be laptops, smartphones, routers, and TV streaming boxes), making it appear as though traffic comes from a different location. 

Now, the thing is that while legitimate businesses use these networks to test products or scrape websites, hackers can also use them as “stolen passports” to disguise malicious traffic. 

Comcast has said that behind the “veneer” of legitimate uses “lies a murky, deeply entrenched supply chain connected with cybercrime.” Craig Labovitz of Nokia Deepfield compared residential proxies to “thousands of anonymous strangers sneaking into your home to get unlimited internet access.” And the FBI has described them as “a standard tool criminals use to look like ordinary users online” while carrying out bank fraud and other attacks.

NetNut, Popa, and the evidence

The investigation centers on Popa software, which can allegedly commandeer devices for proxy networks without owner consent. Cybersecurity firm Synthient reported that NetNut and Popa “share operational infrastructure and telemetry,” while Qurium identified “multiple technical and historical overlaps” between the technologies that are “unlikely to be coincidental.” 

NetNut (acquired by Alarum in 2019) sells access to tens of millions of proxy addresses. The FBI’s Houston office has been investigating since late last year, with the probe showcased at a multi-agency “ResProxy Sprint” meeting in Colorado. Alarum said it “will fully cooperate with law enforcement” but has previously called the reports “demonstrably inaccurate.”

The big picture: AI is pumping up the proxy market

The FBI investigation comes as the residential proxy market has exploded from a niche industry into a multi-billion-dollar business, and artificial intelligence (AI)-related companies are now a major driver. 

Analysts estimate the market generates anywhere from $100 million to $3 billion in annual sales, with growth accelerated by AI developers“voracious appetite for data scraped from websites.” On top of this, Nokia Deepfield’s Craig Labovitz noted: “We’ve gone from a market in the tens of millions of dollars to the billions. This largely seems to be due to AI companies.”

And this gets pretty messy for Web3 and crypto projects too, since a lot of them use these proxy networks for things like privacy-focused trades, node operations, and keeping their decentralized infrastructure running.

But if the supply chain for these services involves compromised or hacked devices, the entire sector faces reputational and regulatory risk, and turns into something even more darkly serious. At least the FBI investigation shows here that law enforcement is taking a hard look at the infrastructure underpinning location-masking services. And that’s something. 

And there’s another thing: projects that rely on proxy networks [from privacy coins to Decentralized Physical Infrastructure Networks (DePIN) protocols] may need to audit their infrastructure partners to avoid being associated with illegal data harvesting. Some do, some don’t.

Alarum reported $11.7 million in Q1 2026 revenue, a 64 percent jump year-over-year (YoY), “driven mainly by strong demand for the company’s proxy solutions.” But what matters here is whether that demand is sustainable if the supply chain is built on compromised/”zombie” devices, which is definitely a weird look.

About The Coin Headlines

The Coin Headlines strives to bring trust into crypto media. At a time when every soundbite and headline can move the markets from red to green and vice-versa, The Coin Headlines promises to bring verified, credible and timely news and analysis from the world of crypto, blockchain, Web3, tech and markets. Founded in 2026, The Coin Headlines is based in the UAE with a team of experienced journalists and editors covering breaking news and updates from around the world.

From covering the biggest events to interviewing some of the most popular KOLs in the industry, The Coin Headlines keeps you informed of the latest trends and insights.

At The Coin Headlines our focus is clear: Real-time news updates, market movements, whale transfers, macroeconomic trends, tech and AI and geopolitical breaking news. The news we report goes through a strict editorial audit before its published to ensure the readers only get verified and credible information. We realize the world of crypto is dynamic, volatile, and many times, confusing. At The Coin Headlines we break down these complex issues into simple articles which cater to not just the experienced trader but also the student and first-time investor who wants to understand the space before committing to it.