The largest botnet ever in the United States has been dismantled

The U.S. Department of Justice said it arrested a 35-year-old Chinese citizen, Yunhe Wang, suspected of running a large botnet linked to multibillion-dollar fraud, child exploitation and false bomb threats. Wang, who used various aliases such as Tom Long and Jack Wan, was arrested on May 24. It is accused of spreading malware through pop-up VPN services such as "ProxyGate" and "MaskVpn", incorporating viruses distributed via peer-to-peer networks known as torrents. This arrest coincides with a major Europol operation against botnets, which has disrupted cybercriminal networks around the world.

Operating mode of the 911 S5 botnet

According to the indictment, computers infected by the 911 S5 botnet offered a continuous backdoor to Wang's customers, allowing them to illicitly impersonate victims of the malware. This illicit proxy service, known as “911 S5,” has been in operation since 2014 and has infected computers in nearly 200 countries. The FBI said the botnet facilitated a wide range of cybercrimes, including financial fraud, identity theft and child exploitation. Wang and 2 other individuals linked to the 911 S5 were also sanctioned by the US Treasury Department. The botnet provided access to nearly 614,000 IP addresses in the United States and more than 18 million worldwide, allowing criminals to select the geographic area from which they appear online.

Infrastructure and crimes related to 911 S5

Of the 150 servers used to run the botnet, 76 were rented from service providers in the United States. This included the server that hosted the 911 S5 client interface, which allowed criminals to purchase products with stolen credit cards and bypass export laws. More than half a million fraudulent claims on pandemic relief programs in the United States have been traced to the 911 S5, with thefts amounting to nearly $6 billion. However, IP addresses controlled by the botnet have also been associated with more serious crimes, such as bomb scares and trafficking in child pornography. Authorities have highlighted how proxy services like 911 S5 pose a persistent threat to global security.

International collaborations and legal consequences

The Department of Justice highlighted that the operation to arrest Wang saw the collaboration of law enforcement agencies from Singapore, Thailand and Germany. The charges against Wang include conspiracy, computer fraud, wire fraud and money laundering, with a maximum expected sentence of 65 years in prison. The United States is seeking to seize numerous luxury assets allegedly owned by Wang, including a 2022 Ferrari Spider worth half a million dollars and a Patek Philippe watch. At this time, it is unclear whether these identity theft activities have led to investigations or criminal charges against U.S. victims of the botnet. Wired US has requested further clarification from the Department of Justice on this point.