911 S5 Botnet: One of largest botnets taken down by US
The United States Justice Department (DOJ) has made a significant stride in cybersecurity by announcing the dismantling of one of… Continue reading 911 S5 Botnet: One of largest botnets taken down by US
The post 911 S5 Botnet: One of largest botnets taken down by US appeared first on ReadWrite.
The United States Justice Department (DOJ) has made a significant stride in cybersecurity by announcing the dismantling of one of the world’s biggest botnets – 911 S5 Botnet.
The digital cabal was a hotbed of fraudulent activity, child exploitation, cyber-attacks, and bomb threats, says the DOJ.
YunHe Wang, a People’s Republic of China national and St. Kitts and Nevis citizen-by-investment was arrested as the ringleader of the operation.
DOJ cracks down on botnet
Wang is charged with the creation, operation, and maintenance of the illegal residential proxy service that would come to be known as “911 S5,” the court-authorized international law enforcement operation found.
An indictment unsealed on May 24 placed the timeline of activities from 2014 through July 2022. In this period, Wang and his accomplices are alleged to have compromised millions of Windows computers via the deployment of malware.
This included 19 million unique IP addresses, including 613,841 United States-based IP addresses. Once infiltrated by the malware, Wang and the group are alleged to have sold the information of these compromised IP addresses to the highest bidder.
Attorney General Merrick B. Garland said of the takedown, “As a result of this operation, YunHe Wang was arrested on charges that he created and operated the botnet and deployed malware. This case makes clear that the long arm of the law stretches across borders and into the deepest shadows of the dark web, and the Justice Department will never stop fighting to hold cybercriminals to account.”
Pirated versions of seemingly legitimate software were used as the proxy entry point. Wang and his group used Virtual Private Network (VPN) programs to smuggle the malware inside as a bundle with other program files.
Once deployed, Wang operated a spider web of 150 servers worldwide. With 76 of the flagged servers being leased from U.S. vendors. Through this lattice of digital corruption, Wang could give access to paying customers looking for compromised IPs and their data.
Illegal IPs used to commit mass cybercrime
The IPs were used in a plethora of illegal activities. These included child exploitation, bomb threats, and mass fraud. Criminals used the IPs to mask their origin points and locations to give law enforcement a trail of smoke and mirrors, which included billions of dollars in fraud from financial institutions, lenders, and federal lending systems.
According to United States sources, 560,000 fraudulent unemployment insurance claims were generated as part of the IPs purchased via 911 S5. This would total $5.9 billion in pandemic relief garnered by the illegal IPs.
Moreover, Wang would stand to gain $99 million, according to the unsealed indictment and would go on to purchase real estate in the United States, St. Kitts and Nevis, China, Singapore, Thailand, and the United Arab Emirates.
The Chinese national is now staring down the barrel of a possible 65-year stint in prison for conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering.
Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division, said, “As alleged in the indictment, Wang created malware that compromised millions of residential computers around the world and then sold access to the infected computers to cybercriminals.”
Image: Ideogram.
The post 911 S5 Botnet: One of largest botnets taken down by US appeared first on ReadWrite.