Israeli technology company Alarum is at the center of an FBI investigation that sent its shares crashing on the Nasdaq and the Tel Aviv Stock Exchange and led the company to suspend part of its activity.
The U.S. Federal Bureau of Investigation is examining whether NetNut, an Alarum subsidiary, played a role in connecting customers’ home internet devices, without their consent, to a network that users can use to mask their location, according to documents reviewed by Bloomberg and confirmed by people familiar with the matter.
Alarum’s share price plunged 71.3% on the Tel Aviv Stock Exchange on Friday, leaving it with a market value of 50.7 million shekels ($15.5 million). The stock also fell by dozens of percentage points on the Nasdaq, both at the close and in late trading.
Alarum provides organizations with internet access and web data collection services. The company has no controlling shareholder and is led by CEO Shachar Daniel.
The investigation concerns residential proxy networks, services that route internet browsing through home internet connections in different parts of the world, allowing users to appear to websites as if they are connecting from an IP address that is not their own. For example, a user in Israel could appear to be browsing from a home in the United States.
Such networks can have legitimate uses, including allowing businesses to check how their websites appear in different countries or collect public data from websites. Sports fans may also use them to watch games available only in certain regions.
But cybersecurity experts and internet service providers have warned that residential proxy networks can also be used to conceal criminal activity, including fraud, illegal purchases and cyberattacks. Unlike a VPN, which routes browsing through dedicated servers, a residential proxy network routes traffic through the home internet connections of private users.
According to Bloomberg, FBI agents have been investigating for more than a year possible links between NetNut, which sells access to residential proxy networks, and software called Popa, which is alleged to be used to take control of users’ devices.
Last Thursday, Alarum reported that it and NetNut had been notified of the seizure of certain domains related to NetNut by the FBI. A day later, Alarum said the developments had caused disruptions in some of its services and warned that if the disruptions continued for an extended period, they could have a material negative impact on its business, financial results and ability to provide some services to customers.
On Sunday morning, Alarum said that as part of the investigation and as a precautionary measure, it had decided to temporarily suspend data traffic through the relevant network services for several days.
The company said the step was meant to allow it to investigate the incident, assess affected infrastructure, determine whether any malicious activity had occurred and implement any measures it considers appropriate before returning to normal operations.
Alarum said it viewed the temporary suspension of data traffic as the most responsible course of action while the investigation continues. As a result, the availability of the company’s services is expected to decline significantly during the period. The company said it is allocating significant technological and operational resources to the investigation and recovery process and is working to restore normal activity as soon as possible.
The networks in question operate through dedicated code installed on everyday devices such as laptops, smartphones, routers and streaming TV boxes. In some cases, device owners agree to install the software in exchange for a few dollars a month. In other cases, devices are added to residential proxy networks without their owners’ knowledge, cybersecurity experts say.
“I think of residential proxies as thousands of anonymous strangers sneaking into your home to get unfettered access to the internet,” said Craig Labovitz, chief technology officer of Nokia Deepfield, Nokia’s network security platform.
“Most users may not even notice the internet’s unwanted proxy tenants until police arrive at their door as part of a cybercrime investigation that originated from their home,” he said.
Labovitz said devices in hundreds of millions of homes around the world are running proxy networks, and that the vast majority are doing so without their owners’ knowledge. While it is difficult to determine the nature of the activity on those networks, he said, most of the traffic appears to be malicious.
According to analyses published last month by cybersecurity firms Syntiant and Qurium, Popa can be used to recruit a device into a proxy network without the owner’s consent. Bloomberg reported that the software was found on Android-based devices around the world, mainly smart TV boxes.
Bloomberg also cited reports by Syntiant and Qurium that identified technical and operational overlaps between NetNut and Popa. Security firm Spur separately claimed that NetNut allegedly requires limited verification of its customers and allegedly provides access to networks belonging to institutions whose users did not agree to participate.
Alarum previously told KrebsOnSecurity that the reports by Syntiant and Qurium contained claims that could be shown to be inaccurate and flawed conclusions, not verified facts.
In the same earlier publication, NetNut said it operates a commercial proxy network and maintains policies, procedures and technological measures intended to promote lawful and responsible use of its services. The company said it emphasizes proper notice and consent mechanisms, conducts customer due diligence, monitors possible misuse and takes steps intended to identify and reduce suspicious or unauthorized activity.
The FBI investigation is part of a broader U.S. law enforcement effort to examine the use of residential proxy networks. Internet service providers and cybersecurity companies have warned that such networks have been used to capture millions of devices around the world.
Omer Weiss, Alarum’s corporate legal counsel, said in a statement that “Alarum takes this matter seriously and will cooperate fully with law enforcement authorities to ensure that any misuse of its infrastructure is thoroughly investigated, and that those responsible are held accountable.”
Alarum’s stock had surged between mid-2023 and mid-2024, rising more than fifteenfold to a market value of more than 1 billion shekels ($306 million) during a boom in the cyber sector. In the second half of 2024, however, the stock lost ground as financial results failed, in investors’ view, to justify the valuation.


