911 S5 Botnet Now Shut Down: Massive International Collaboration
A significant victory in the fight against cybercrime was achieved as a court-authorised international law enforcement operation, led by the U.S. Justice Department, dismantled the notorious 911 S5 botnet. This botnet, responsible for infecting over 19 million IP addresses globally, enabled extensive criminal activities ranging from cyber-attacks to child exploitation.
911 S5 Botnet Dismantled and Its Administrator Arrested in Coordinated International Operation
Botnet Infected Over 19M IP Addresses to Enable Billions of Dollars in Pandemic and Unemployment Fraud, and Access to Child Exploitation Materials
— U.S. Department of Justice (@TheJusticeDept) May 29, 2024
The Arrest of YunHe Wang
As part of this operation, YunHe Wang, a 35-year-old national of the Peopleâs Republic of China and a citizen-by-investment of St. Kitts and Nevis, was arrested on May 24. Charged with creating and operating the 911 S5 botnet, Wangâs arrest marks a significant milestone in international cybersecurity enforcement.
From 2014 to July 2022, Wang and his associates allegedly disseminated malware to compromise millions of residential Windows computers worldwide, amassing a network linked to more than 19 million unique IP addresses. In the U.S. alone, 613,841 IP addresses were compromised.
Wang generated millions by selling access to these infected IP addresses to cybercriminals. The botnet facilitated various crimes, including large-scale fraud, identity theft, harassment, bomb threats, and child exploitation.
Law Enforcementâs Response
Today, the DOJ announced the arrest of a Chinese national who amassed millions of hijacked residential IP addresses and facilitated billions of dollars in unemployment and pandemic relief fraud. Learn about the investigation by the #FBI and its partners: https://t.co/6ZDjo8knal
Attorney GeneralMerrick B. Garland highlighted the operationâs success, stating, “This case makes clear that the long arm of the law stretches across borders and into the deepest shadows of the dark web.” The FBI’s involvement was crucial, with Director Christopher Wray noting, “We arrested its administrator, seized infrastructure and assets, and levied sanctions.”
The Modus Operandi
Wang propagated his malware through VPN programs like MaskVPN and DewVPN and bundled it with pirated software. He managed around 150 servers globally, using them to control infected devices and offer proxy services to paying customers.
Cybercriminals utilised these proxied IP addresses to conceal their locations, committing various offenses, including financial fraud and child exploitation. Notably, fraudulent unemployment insurance claims during the pandemic resulted in over $5.9 billion in confirmed losses.
The Legal and Financial Fallout
The indictment revealed that from 2018 to 2022, Wang received approximately $99 million from his operations. His illicit gains funded the purchase of luxury items and properties across multiple countries. Assets worth approximately $30 million were seized during the operation.
The success of this operation underscores the importance of international cooperation. Assistant Attorney GeneralNicole M. Argentieri stressed, “Cybercriminals should take note. Todayâs announcement sends a clear message that the Criminal Division and its law enforcement partners are firm in their resolve.”
Conclusion: Continuing The Fight Against Cybercrime
While the dismantling of the 911 S5 botnet is a significant achievement, it also highlights the ongoing battle against sophisticated cybercriminal enterprises. The U.S. Justice Department, along with its international partners, remains committed to pursuing and prosecuting cybercriminals worldwide.
