The Department of Justice said in a news release that Chinese national Wang Yunhe, 35, was arrested for operating the world’s largest botnet, called “911 S5.”

You can read the original article here.

A Chinese national has been detained on suspicion of operating a botnet including 19 million compromised IP addresses across almost 200 countries. The individual allegedly made at least $99 million by renting out his network to cybercriminals for various cybercrimes, such as COVID-19 pandemic relief scams.

According to a news release released on May 29, the Department of Justice (DOJ) said that Wang Yunhe, 35, charged clients to use his network of hacked IP addresses between 2014 and July 2022. When participating in illicit online activity, thieves could hide their digital footprint thanks to a program called “911 S5”.

Financial crimes, stalking, sending and receiving child exploitation materials, sending bomb threats and other threats of damage, and illicit commodities exportation were among these charges.

According to an indictment, thieves are also accused of stealing billions of dollars from financial institutions, credit card companies, and federal loan programs by using the botnet service to get around financial fraud detection systems in the US and abroad. More than $5.9 billion in losses resulted from 560,529 false claims that originated from “IP addresses exploited and trafficked” by Mr. Wang’s botnet.

The DOJ quoted FBI Director Christopher Wray as saying that the network was “likely the world’s largest botnet ever.”

Assistant Secretary for Export Enforcement Matthew S. Axelrod of the Commerce Department’s Bureau of Industry and Security said in a statement that Mr. Wang’s purported plan “reads like it’s ripped from a screenplay.”

Malware

Mr. Wang used several aliases, including “Jack Wan,” “Williams Tang,” and “Tom Long,” according to the indictment. According to a LinkedIn post by Brett Leatherman, the deputy assistant director of the FBI’s cyber division, he was taken into custody in Singapore on May 24 and search warrants were carried out in both the Southeast Asian nation and neighboring Thailand.

Additionally, according to Mr. Leatherman, authorities confiscated $29 million worth of cryptocurrencies.

The indictment claims that Mr. Wang started creating malicious Virtual Private Network (VPN) apps like MaskVPN, DewVPN, and Shine VPN as early as 2011 to expand his botnet. Subsequently, it is believed that he disseminated his software “with the aim of infecting residential computers worldwide.”

A VPN is a service that encrypts an internet connection, hides a user’s IP address, and routes traffic via a distant server.

As of July 2022, Mr. Wang had infected computers all around the world with his software, generating more than 19 million distinct IP addresses. “[C]ybercriminals using the 911 S5 service were able to select by city, state, zip code, or country exactly the IP addresses through which they wanted to connect to the internet,” the indictment states.

According to the indictment, Mr. Wang’s botnet had roughly 613,841 IP addresses from the US out of the 19 million IP addresses, and between April 2020 and July 2022, his malware infected roughly 346 computers in the Eastern District of Texas.

Although Mr. Wang’s botnet ceased operating in July 2022, affected machines “remain actively compromised,” according to the indictment. According to the paper, “the botnet remains available to be reconstituted into a new illicit proxy service at any time.”

Cooperation

The botnet was taken down thanks to international cooperation, according to Attorney General Merrick B. Garland.

“The Justice Department led an international law enforcement operation stretching from Southeast Asia to Europe to the Caribbean, which disrupted 911 S5,” Mr. Garland said in a video statement. “As a result of our coordinated actions, the botnet has been taken down.”

The DOJ claims that law enforcement organizations from Germany, Thailand, and Singapore collaborated with US authorities on the case. 23 domains and more than 70 servers were taken over as a result of the coordinated effort.

“As today’s case makes clear, the long arm of the law stretches across borders and into the deepest shadows of the dark web,” Mr. Garland added.

According to reports, Mr. Wang purchased real estate in the US, China, Singapore, Thailand, St. Kitts and Nevis, the United Arab Emirates, and Singapore with money he made from his botnet’s users.

There is a maximum 65-year jail sentence associated with the allegations of conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to engage in money laundering against Mr. Wang.

The indictment states that other assets and properties purportedly owned by Mr. Wang are being sought after by federal authorities. A Rolls Royce, a BMW i8, a BMW X7 M50d, a 2022 Ferrari F8 Spider S-A, more than a dozen local and foreign bank accounts, more than two dozen cryptocurrency wallets, several high-end timepieces, and twenty-one residential or investment properties are among them.

Sanctions against Mr. Wang, his co-conspirator Liu Jinping, his lawyer Zheng Yanni, and three Thailand-based businesses that he controlled were announced by the Treasury Department on May 28.

Recently, GreatGameIndia reported that the Justice Department exposed a secret Chinese plot at the University of Florida involving researcher Pen Yu and student Leticia Zheng smuggling dangerous bio-toxins to China.