An international law enforcement team has arrested a Chinese national and disrupted a major botnet that officials said he ran for nearly a decade, amassing at least $99 million in profits by reselling access to criminals who used it for identity theft, child exploitation, and financial fraud, including pandemic relief scams.
The U.S. Department of Justice quoted FBI Director Christopher Wray as saying Wednesday that the “911 S5” botnet — a network of malware-infected computers in nearly 200 countries — was likely the world’s largest.
Justice said in a news release that Yunhe Wang, 35, was arrested May 24. Wang was arrested in Singapore, and search warrants were executed there and in Thailand, the FBI’s deputy assistant director for cyber operations, Brett Leatherman, said in a LinkedIn post. Authorities also seized $29 million in cryptocurrency, Leatherman said.
CHINESE HACKERS HAD ACCESS TO US INFRASTRUCTURE FOR ‘AT LEAST 5 YEARS’ BEFORE DISCOVERY
Cybercriminals used Wang’s network of zombie residential computers to steal “billions of dollars from financial institutions, credit card issuers and accountholders, and federal lending programs since 2014,” according to an indictment filed in Texas’ eastern district.
A general view is seen of Singapore. Yunhe Wang, 35, was arrested on May 24 in Singapore, and search warrants were executed there and in Thailand, the FBI’s deputy assistant director for cyber operations, Brett Leatherman, said. (Lars Baron/Getty Images)
The administrator, Wang, sold access to the 19 million Windows computers he hijacked — more than 613,000 in the United States — to criminals who “used that access to commit a staggering array of crimes that victimized children, threatened people’s safety and defrauded financial institutions and federal lending programs,” U.S. Attorney General Merrick Garland said in announcing the takedown.
He said criminals who purchased access to the zombie network from Wang were responsible for more than $5.9 billion in estimated losses due to fraud against relief programs. Officials estimated 560,000 fraudulent unemployment insurance claims originated from compromised IP addresses.
Wang allegedly managed the botnet through 150 dedicated servers, half of them leased from U.S.-based online service providers.
The indictment says Wang used his illicit gains to purchase 21 properties in China, the United States, Singapore, Thailand, the United Arab Emirates and St. Kitts and Nevis, where it said he obtained citizenship through investment.
In its news release, the Justice Department thanked police and other authorities in Singapore and Thailand for their assistance.