Global malware network taken down, administrator arrested

Name: WORLD
Price range: $

The seal for the Justice Department in Washington Associated Press/Photo by Andrew Harnik, file

Global malware network taken down, administrator arrested

An international law enforcement coalition has disabled the worldwide 911 S5 botnet, the U.S. Department of Justice said Wednesday. The network’s administrator, YunHe Wang, was arrested on May 24, according to a news release by the DOJ.

What is the 911 S5 botnet, and how does it work? The now-disabled botnet was a widespread international network of malware-infected computers that criminals used to commit cyber crimes.

Wang sold customers malware-infected Virtual Private Networks and pay-per-install software packages, according to a federal indictment. The malware enabled Wang to add the customers’ computers to the botnet, operate them remotely, and steal the devices’ IP addresses, sets of numbers allowing the internet to locate and identify computers. Wang sold these addresses to cybercriminals, who used them to anonymously commit a variety of crimes, including fraud, cyberattacks, child exploitation, and bomb threats.

How large was the operation? The botnet spread to almost 200 countries and was likely the largest created in world history, said FBI Director Christopher Wray. It contains over 19 million IP addresses, including over 610,000 in the United States. Cybercriminals used the stolen IP addresses to make billions of dollars from fraud schemes such as bogus unemployment insurance or disaster loan claims, including over $5.9 billion in COVID-19 assistance claims. Wang personally made $99 million from IP address sales from 2018 to 2022.

How was Wang caught? The botnet was flagged during an investigation into an international smuggling and money laundering operation. American and Ghanaian criminals in the operation used botnet IP addresses to attempt credit card frauds of over $5.5 million.

After a coordinated investigation into the botnet, authorities from the United States, Thailand, Singapore, and Germany seized about $60 million in assets and property, 23 domains, and over 70 of the botnet’s 150 servers.

What will happen to Wang? The 35-year-old Chinese national, a resident of the Caribbean country of St Kitts and Nevis, was arrested on May 24 and charged by the United States with conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering. He faces up to 65 years in prison.