An international task force apprehended a Chinese national and dismantled what’s believed to be the “world’s largest” botnet, considered a crushing blow to cybercrime. The cybercriminal allegedly operated this botnet for nearly a decade, netting him an estimated $99 million in profits.
The “911 S5” botnet, a sophisticated weapon of choice for cybercriminals, facilitated a range of nefarious activities from fraud and identity theft, to child exploitation.The arrest of Yunhe Wang, the suspected ringleader of this criminal network, signifies a turning point in the fight against cybercrime.
Wang, a 35-year-old cybercriminal, was arrested on May 24, and accused of operating the 911 S5 botnet, according to the U.S. Department of Justice. For eight years, a sprawling network of infected I.P. addresses, spanning 190 countries, served as the backbone of the 911 S5 botnet (DoJ). This network remained active since its creation in 2014.
Prosecutors allege Wang amassed millions of dollars by selling access to this vast network to cyber criminals. “This Justice Department-led operation brought together law enforcement partners from around the globe to disrupt 911 S5, a botnet that facilitated cyber-attacks, large-scale fraud, child exploitation, harassment, bomb threats and export violations,” stated Attorney General Merrick B. Garland in the press release.
Wang allegedly amassed a staggering $99 million through the scheme, indulging in a lavish lifestyle with luxury cars and real estate purchases across the globe, including the U.S., St. Kitts and Nevis in the Carribean, China, Singapore, Thailand, and the UAE.
Wang is accused of spreading his malware through two methods: Infecting Virtual Private Network (VPN) programs like MaskVPN and DewVPN, and bundling it with other software downloads, including pirated software.
“This case makes clear that the long arm of the law stretches across borders and into the deepest shadows of the dark web,” said Attorney General Merrick B. Garland.
Merrick underscored the critical role of international collaboration in dismantling this sophisticated network, highlighting the involvement of law enforcement agencies from Singapore, Thailand, and Germany.
While the botnet infected over 19 million I.P. addresses across nearly 200 countries, with over 613,000 victims in the U.S. alone, court documents reveal a troubling domestic connection: 76 of the servers used were leased from US-based online service providers.
The botnet reportedly targeted COVID-19 relief programs, resulting in over 560,000 fraudulent claims and a staggering theft of over $5.9 billion.
Unprecedented Scale: ‘Likely the World’s Largest Ever’
FBI Director Christopher Wray called the dismantled botnet “likely the world’s largest ever,” highlighting its unprecedented scale.
This takedown echoes a similar incident in 2018, where GitHub faced the most powerful DDoS attack on record. Unlike Wang’s strategy, those threat actors exploited vulnerabilities in Memcached servers to amplify their attack, bypassing the need for a massive botnet.
Highlighting the FBI’s global effort in dismantling this record-breaking botnet, Wray said, “This operation demonstrates the FBI’s commitment to working shoulder-to-shoulder with our partners to protect American businesses and the American people, and we will work tirelessly to unmask and arrest the cybercriminals who profit from this illegal activity.”
The dismantling of 911 S5 wasn’t just about stopping a cyber threat; it exposed the network’s staggering impact. Assistant Secretary for Export Control at the Department of Commerce, Matthew Axelrod, compared the scheme’s reach and complexity to something ripped straight from a screenplay.
“A scheme to sell access to millions of malware-infected computers worldwide, enabling criminals all over the world to steal billions of dollars, transmit bomb threats, and exchange child exploitation materials — then using the scheme’s nearly $100 million in profits to buy luxury cars, watches, and real estate,” he said.
The fight against cybercrime is a constant battle. As law enforcement dismantles operations like 911 S5, criminals continuously adapt. New technologies like A.I. fuel innovative scams, as evidenced by the recent $25 million deepfake fraud targeting a prominent British engineering firm, showcased that online crime is evolving.
This incident highlights the need for vigilance and robust security measures to stay ahead of cybercriminals’ ever-evolving tactics.