Federal investigators have successfully dismantled one of the world’s largest malicious botnets, known as the 911 S5 Botnet, that facilitated fraudulent transactions leading to billions of dollars in losses. The botnet’s administrator, YunHe Wang, a Chinese national, was arrested and charged with orchestrating an international plot to deploy malware and sell access to infected computers’ IP addresses. These IP addresses, which act as unique identifiers for devices on the internet, were used by cybercriminals for various illicit activities such as financial fraud, identity theft, and child exploitation.
Wang’s operation utilized 19 million compromised IP addresses in over 190 countries, with more than 600,000 in the U.S. He allegedly sold unsuspecting victims Virtual Private Network (VPN) programs that installed malicious software on their computers, allowing their IP addresses to be remotely co-opted. These stolen IP addresses were then sold to cybercriminals for millions of dollars, enabling them to carry out their criminal schemes undetected. The fraudulent activities conducted through the botnet included financial fraud, identity theft, and exploitation, resulting in billions of dollars in losses, particularly related to pandemic relief funds.
The FBI, in collaboration with international partners, conducted a joint cyber operation to dismantle the 911 S5 Botnet, which is believed to be one of the largest botnets ever. Law enforcement officials worked with authorities from Singapore and Thailand to arrest Wang, conduct searches and interviews, and seize assets. The investigation is ongoing, with efforts to identify other individuals involved in using the botnet to target innocent individuals and corporations. The FBI has created a webpage for potential victims to determine if their devices have been compromised and guide them through a self-remediation process.
Prosecutors revealed that Wang made over $99 million from selling hijacked IP addresses and laundered some of his proceeds through U.S. banks. The majority of the fraud stemmed from fraudulent pandemic relief fund applications, resulting in significant losses for Americans during challenging times. The investigation uncovered the extensive criminal ecosystem that enables cybercriminal activities, ranging from financial fraud to ransomware attacks. While the arrest of Wang marks a milestone in dismantling the botnet, law enforcement officials acknowledge the ongoing threat posed by such networks and continue to work towards identifying and prosecuting individuals involved in cybercrimes.
FBI Director Christopher Wray commended the success of the operation and highlighted the critical role played by international partners in arresting Wang and dismantling the botnet. The seizure of 23 domains and over 70 servers disrupted the network of infected devices constructed by Wang and his co-conspirators between 2014 and 2022. Efforts are underway to extradite Wang to the U.S. for prosecution. The investigation aims to uncover further evidence of criminal activities and hold accountable those involved in exploiting innocent victims for financial gain.