Chinese man operated ‘world’s largest botnet’ that stole billions: DOJ

A Chinese national, YunHe Wang, has been arrested for his involvement in operating a residential proxy service that was used to defraud billions of dollars from the U.S. government and fund his extravagant lifestyle. The Department of Justice announced the arrest on May 24, charging Wang with creating a massive botnet, known as “911 S5,” which was used for cyber attacks, fraud, child exploitation, bomb threats, and export violations.

The botnet, which operated from 2014 to 2022, infected over 19 million IP addresses in nearly 200 countries, including over 613,000 IP addresses located in the United States. About 76 of the servers were leased from online service providers based in the U.S.

Wang allegedly spread his malware through Virtual Private Network programs and pay-per-install services, allowing him to manage and control the approximately 150 servers. Paying customers were then given access to proxied IP addresses linked to the hijacked devices, enabling cybercriminals to hide their locations and commit various offenses anonymously.

The botnet is believed to have enabled cybercriminals to bypass financial fraud detection systems and steal billions of dollars from financial institutions, credit card issuers, and federal lending programs. Specifically, it targeted COVID-19 pandemic relief programs and filed an estimated 560,529 fraudulent unemployment insurance claims, resulting in over $5.9 billion being stolen.

Wang was charged with conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering. He faces a maximum of 65 years in prison.

The Department of Justice partnered with the FBI and international law enforcement agencies in Singapore, Thailand, and Germany to dismantle the botnet and arrest Wang. The case is part of the federal government’s ongoing effort to combat global cybercrime, which has become increasingly widespread and poses a significant threat to national and economic security.