The FBI, in collaboration with international partners, has announced the dismantlement of 911 S5, one of the largest malicious botnets in the world. This covert network facilitated fraudulent transactions on a massive scale, resulting in billions of dollars in losses for victims, particularly in connection with COVID relief funding. The alleged mastermind behind this operation, YunHe Wang, a Chinese national, has been apprehended by law enforcement and charged with deploying malware and unlawfully selling access to infected computers’ IP addresses.
It is reported that the 911 S5 Botnet exploited 19 million compromised IP addresses in more than 190 countries for various criminal activities, including financial fraud, identity theft, and child exploitation. Deputy Assistant Director of the FBI Cyber Division, Brett Leatherman, described the botnet as serving as an “infrastructure highway” for a wide array of computer crimes. Investigators have determined that Wang’s motives were financial and that he did not have direct ties to nation-states.
Court documents have revealed that Wang spent over $30 million in the United States, St. Kitts and Nevis, China, Singapore, Thailand, and the United Arab Emirates, on luxury items and properties. Additionally, he reportedly splurged over $4 million on extravagant purchases, including a BMW, Rolls Royce, and several watches. Wang has been indicted on several charges, including conspiracy and computer fraud.
Wang is said to have enticed unsuspecting victims into purchasing various Virtual Private Network (VPN) programs, which were then used to install malicious software on their computers. These VPN extensions were supposedly designed to encrypt internet connections and conceal users’ browsing history and location. However, in reality, the programs were used to co-opt IP addresses remotely for criminal activities. Wang allegedly sold these stolen IP addresses to cybercriminals for millions of dollars, enabling them to execute their illicit schemes while evading law enforcement detection.
Prosecutors have stated that Wang’s malicious VPN services, which included Mask VPN, Dew VPN, Paladin VPN, Proxy Gate, Shield VPN, and Shine VPN, enabled cybercriminals to bypass financial fraud detection systems in the U.S. and elsewhere, resulting in the theft of billions of dollars from financial institutions, credit card issuers, account holders, and federal lending programs. They also noted that over $5.9 billion in potential pandemic relief fraud losses were attributed to IP addresses exploited by Wang’s botnet.
Furthermore, Wang is alleged to have generated over $99 million from the sales of hijacked IP addresses and laundered some of his proceeds through U.S. banks. The FBI reported that a significant portion of the fraud stemmed from pandemic relief fund applications, constituting a massive theft against Americans seeking financial relief during the pandemic.
The successful dismantlement of the 911 S5 Botnet was a collaborative effort involving the FBI and its international partners. The authorities in Singapore and Thailand played a critical role in Wang’s arrest by carrying out searches, interviews, and asset seizures. Efforts are currently underway to extradite Wang to the U.S., where he will face the charges against him.
Aside from Wang’s arrest, law enforcement has seized 23 domains and over 70 servers, effectively dismantling the network of infected devices that Wang and his co-conspirators had built from 2014 to 2022. While this arrest marks a significant milestone, FBI officials have emphasized that the investigation continues. They are hopeful that further evidence and artifacts obtained through physical search warrants, interviews, and seizures will lead to the identification of other individuals involved in criminal activities facilitated by the botnet.
The FBI has established a webpage to assist potential victims in determining if their devices have been compromised and to guide them through a self-remediation process.
In conclusion, the dismantlement of the 911 S5 Botnet and the arrest of its administrator, YunHe Wang, represent a significant victory in the fight against cybercrime. However, the FBI underscores the importance of ongoing efforts to identify and bring to justice other individuals involved in criminal activities.