In a significant victory against cybercrime, the US Justice Department, in collaboration with international partners, has successfully dismantled the notorious 911 S5 botnet. This extensive operation culminated in the arrest of YunHe Wang, a 35-year-old Chinese national, in Singapore. The dismantling of this botnet represents a crucial step in combating global cyber threats.
The FBI’s Operation
“Working with our international partners, the FBI conducted a joint, sequenced cyber operation to dismantle the 911 S5 Botnet—likely the world’s largest botnet ever,” stated FBI Director Christopher Wray. The operation led to the arrest of Yunhe Wang, the botnet’s administrator, and the seizure of the botnet’s infrastructure and assets.
The 911 S5 Botnet: A Closer Look
Since 2011, Wang and his co-conspirators have been distributing malware through various malicious VPN applications, including MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN. These applications added compromised devices to the 911 S5 residential proxy service, creating a vast network of infected devices.
From 2014 to July 2022, the 911 S5 botnet network expanded to millions of residential Windows computers worldwide, linked to over 19 million unique IP addresses. This included 613,841 IP addresses in the United States alone. Wang managed and controlled approximately 150 dedicated servers globally, with 76 leased from US-based online service providers. These servers were used to command and control infected devices, operate the 911 S5 service, and provide paying customers with access to proxied IP addresses.
Deceptive Tactics and Global Impact
Researchers at the University of Sherbrooke revealed that the 911 S5 operators lured potential victims by offering free VPN services, which secretly installed proxy malware on their devices. Although the botnet was shut down in July 2022 following a security breach, it reemerged as “CloudRouter” shortly thereafter.
The Justice Department is now seizing domains used by the criminal network and has levied sanctions against Wang and his co-conspirators. The botnet’s activities have had far-reaching consequences, enabling cybercriminals to engage in a wide range of illegal activities, including cyber attacks, bomb threats, child exploitation, large-scale fraud, harassment, and export violations.
Financial Toll and Legal Repercussions
Wang and his network generated approximately $99 million by selling access to the compromised IP addresses. Cybercriminals used these IPs to submit fraudulent applications for various relief programs, including the Coronavirus Aid, Relief, and Economic Security (CARES) Act. They also filed 560,000 fraudulent unemployment insurance claims and over 47,000 Economic Injury Disaster Loan (EIDL) applications, resulting in billions of dollars in losses for financial institutions, credit card issuers, and federal lending programs.
Sanctions and Seizures
On Tuesday, the US Treasury Department sanctioned Yunhe Wang, along with Jingping Liu (the operation’s money launderer), and Yanni Zheng (who acted as a power of attorney for Wang). Three entities linked to Wang—Spicy Code Company Limited, Tulip Biz Pattaya Group Company Limited, and Lily Suites Company Limited—were also sanctioned.
According to an indictment unsealed on May 24, numerous assets belonging to Wang are now subject to forfeiture. These assets include luxury vehicles such as a 2022 Ferrari F8 Spider S-A, a BMW i8, a BMW X7 M50d, and a Rolls Royce. In addition, more than a dozen domestic and international bank accounts, over two dozen cryptocurrency wallets, several luxury wristwatches, 21 residential or investment properties across various countries, and 20 domains are also being seized.
Conclusion
Yunhe Wang faces a maximum penalty of 65 years in prison if convicted on all counts, including conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering. The dismantling of the 911 S5 botnet marks a significant achievement in the ongoing fight against cybercrime, highlighting the importance of international cooperation and relentless law enforcement efforts.
More News: Tech News
