Chinese National Arrested for Allegedly Operating ‘World’s Largest Botnet’

Wang Yunhe, a Chinese citizen, has been arrested for allegedly operating a vast botnet of approximately 19 million infected IP addresses across almost 200 nations, accumulating at least $99 million by leasing his network to criminals for cybercrimes such as COVID-19 relief scams. In a statement issued on May 29, the Department of Justice (DOJ) said that Wang, 35, sold his clients access to his collection of compromised IP addresses from 2014 until July 2022 through a service named “911 S5”, which allowed cybercriminals to cover their digital tracks when conducting illicit online operations.

Those offenses included transmitting bomb threats and threats of harm, stalking, financial crimes, receiving and sending child exploitation materials, and illegal exportation of goods. The DOJ stated that the network was likely the biggest botnet of all time, citing FBI Director Christopher Wray. Authorities also seized $29 million in cryptocurrency, says Mr. Leatherman.

To build his botnet, Mr. Wang allegedly began creating malicious virtual private network (VPN) software, including DewVPN, MaskVPN, and Shine VPN, as early as 2011, according to the indictment. He then distributed his malware “with the intent to infect residential computers worldwide.”

“Wang then managed and controlled approximately 150 dedicated servers worldwide, approximately 76 of which he leased from U.S.-based online service providers,” the statement reads.

By disseminating his malware to computers worldwide, Mr. Wang had amassed more than 19 million distinct IP addresses as of July 2022. “Cybercriminals using the 911 S5 service were able to select by city, state, zip code, or country exactly the IP addresses through which they wanted to connect to the internet,” the indictment reads. The DOJ disclosed that Mr. Wang's botnet had roughly 613,841 IP addresses in the United States, and that his malware affected around 346 computers in the Eastern District of Texas between April 2020 and July 2022.

The DOJ announced that law enforcement agencies in Thailand, Singapore, and Germany collaborated with U.S. authorities in the case. The joint operation resulted in the seizure of over 70 servers and 23 domains. “As today’s case makes clear, the long arm of the law stretches across borders and into the deepest shadows of the dark web,” Mr. Garland stated.

Mr. Wang allegedly used the revenue he earned from his botnet’s customers to buy properties in Singapore, the United Arab Emirates, China, the United States, Thailand, and St. Kitts and Nevis.

According to the indictment, Mr. Wang faces charges of conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering, which carry a maximum prison term of 65 years. Federal officials are seeking to take control of many items and assets purportedly owned by Mr. Wang, including several cryptocurrency wallets, 21 residential or investment properties, more than a dozen domestic and international bank accounts, a Rolls Royce, several luxury wristwatches, a BMW i8, a BMW X7 M50d, and a 2022 Ferrari F8 Spider S-A
