The FBI, in collaboration with international partners, has successfully dismantled a major botnet that infected over 19 million IP addresses across 200 countries, concealing various cybercrimes for years.
Editor Alexis Pinto
Mark De Boer
May 31, 2024

https://www.cybernewscentre.com/plus-content/content/massive-botnet-dismantled-and-administrator-arrested-in-911-s5-case-fbi-reports


The alleged mastermind of the 911 S5 botnet, an individual known as YunHe Wang, a Chinese national, was arrested on 24 May and could face up to 65 years in jail, per DOJ. 

They also flagged Wang and several associates, and three Thai companies, for their role in the botnet. 

Starting in 2014, Wang is accused of using his own malware to hack into more than 600,000 Windows operating systems around the world, including 600,000 different IP addresses in the United States alone.

Prosecutors claim he was paid around $99 million by subscribers for use of the residential proxy service, which would let end users ‘browse the internet using the IP address of a computer owned by an innocent person’ in an effort to hide their own activity.

Wang is charged with counts of computer fraud, wire fraud, and money laundering.

Attorney General Merrick B. Garland, U.S. Department of Justice

“This Justice Department-led operation was comprised of law enforcement partners around the globe that disabled 911 S5, a botnet that aided cyber‑attacks, wholesale fraud, child exploitation, harassment, bomb threats and exports violations,” the Attorney General Merrick B Garland said.

Prosecutors later reported that the service had defrauded the government of $5.9 billion in relief funds from federal pandemic programmes.

According to court documents, Wang allegedly spread his malware through VPN programmes (such as MaskVPN and DewVPN, which he also ran as a torrent distribution model), as well as through pay-per-install services (which bundled his malware content into separate program files, including pirated versions of licensed software or material protected by copyright).

Wang hosted and leveraged approximately 150 dedicated servers worldwide (of which he leased a maximum of 76 from online service providers in the United States) to deploy and manage the applications, command and control the infected devices, operate his 911 S5 service and offer paying customers use of proxied IP addresses from the infected devices.

They raided the present incarnation of a now-defunct residential proxy service that shuttered in August 2022, capturing 23 domains and more than 70 servers.

These servers acted as the ‘backbone’ of the former initiative and the current one, the DOJ said.

‘The seizure of numerous domains associated with the historic 911 S5, in addition to several new domains and services associated with a recreation of the service, has stopped Wang’s attempts to further abuse his victims through a reconstituted service called Clourouter.io and closed the open backdoors he exploited when he was shut down earlier,’ the DOJ said. 

Investigators say Wang used money from that service to buy properties in the US, China, Singapore, Thailand, the United Arab Emirates and St Kitts and Nevis, where he is a citizen.

Among the luxury cars scheduled to be seized are a Ferrari F8, several BMWs and a Rolls Royce. His 21 properties are also in jeopardy.

The investigation into 911 S5 surfaced due to an investigation into more than 2,000 orders made with stolen credit cards by fraudsters operating on ShopMyExchange, an e-commerce site affiliated with the Army and Air Force Exchange Service.

The Ghanaian and US-based fraudsters apparently obtained IP addresses from 911 S5.

FBI Director Christopher Wray testifies Jan. 31, 2024, before the House Select Committee on China. Image: YouTube

The FBI and DOJ have taken down several botnets this year linked to nation-state hacking operations.

In January, they announced the dismantling of a botnet of infected home routers – part of the China-linked APT group Volt Typhoon – and, in February, the dismantling of a version of this botnet network, this time used by Russia’s GRU-linked APT28 group.

At a Glance

  • Global Operation - Massive Botnet Dismantled: The FBI, in collaboration with international partners, dismantled the 911 S5 botnet, which infected over 19 million IP addresses globally. YunHe Wang, the alleged administrator, faces up to 65 years in prison.
  • Financial Gains, Malware and Proxy Service: Wang allegedly created malware that compromised millions of Windows systems, earning around $99 million from a residential proxy service. He is charged with computer fraud, wire fraud, and money laundering.
  • Seizures, Disruption & Shutting Down the Network: Authorities seized 23 internet domains and over 70 servers, disrupting Wang's attempt to reconstitute the botnet under a new name, Clourouter.io. Proceeds from the service were used to purchase properties and luxury cars in multiple countries.
