‘Biggest botnet ever’ tied to billions in stolen Covid-19 relief funds
The US Department of Justice on Wednesday announced charges against a 35-year-old Chinese national, Yunhe Wang, accused of operating a large botnet allegedly involved in billions of dollars in fraud, child exploitation and bomb threats, among other crimes.
Wang, identified by multiple pseudonyms (Tom Long and Jack Wan, among others), was arrested on May 24 and charged with distributing malware through various pop-up VPN services, such as “ProxyGate” and “MaskVPN,” and by embedding viruses in internet files distributed via peer-to-peer networks known as torrents.
This malware is believed to have infiltrated computers in almost every country in the world, turning them into proxies through which criminals can hide their identities while committing countless crimes. According to prosecutors in the US, this includes the suspected theft of billions of dollars in COVID-19 pandemic relief, funds allegedly stolen by foreign actors posing as unemployed U.S. citizens.
According to the indictment, the infected computers allegedly provided Wang’s customers with a persistent backdoor, allowing them to disguise themselves as any of the victims of Wang’s malware. This illegal proxy service, known as “911 S5,” launched in early 2014, the U.S. government said.
“The 911 S5 botnet infected computers in nearly 200 countries and facilitated a wide range of computer-enabled crimes, including financial fraud, identity theft and fraud,” said FBI Director Christopher Wray. exploiting children”. Largest botnet ever.”
The US Treasury Department also punished Wang and two other individuals believed to be associated with 911 S5.
Wang is believed to have amassed access to nearly 614,000 IP addresses in the US and more than 18 million other IP addresses worldwide, together forming the botnet. According to the DOJ, 911 S5 customers could geo-filter IPs to choose where they wanted to appear, down to specific US zip codes.
The indictment states that of the 150 specialized servers used to manage the botnet, as many as 76 were rented from US-based service providers, including one that hosted the 911 S5 client interface, allowing criminals abroad to make purchases using stolen credit cards. Many of those purchases are believed to have been aimed at circumventing US export laws.
More than half a million fraudulent claims submitted to pandemic relief programs in the United States are believed to be related to 911 S5. According to the indictment, nearly $6 billion in losses were related to IP addresses captured by 911 S5. Many IP addresses are believed to be linked to more dangerous crimes, including bomb threats and trafficking of child sexual abuse material, or CSAM.
“Proxy services such as 911 S5 are common threats to cover up threats,” said Damien Diggs, U.S. attorney for the Eastern District of Texas, where charges against Wang were brought by a grand jury. shields the criminals behind the compromised IP addresses of residential computers around the world.” month.
Nicole Argentieri, head of the Justice Department’s Criminal Division, added: “These criminals used hacked computers to hide their identities and commit a range of crimes, from fraud to cyber attack.”
At the time of writing, it is unclear whether these virtual impersonations have resulted in any criminal investigations or charges against US victims whose IP addresses were hacked as part of the 911 S5 botnet. WIRED is awaiting a response from the Department of Justice on this concern.
According to the Department of Justice, law enforcement agencies in Singapore, Thailand and Germany cooperated with US authorities to effect Wang’s arrest.
Wang faces charges of conspiracy, computer fraud, conspiracy to commit wire fraud and money laundering conspiracy, which carry a maximum penalty of 65 years in prison. The US is also seeking to confiscate a mountain of luxury cars and goods believed to be owned by Wang, including a 2022 Ferrari Spider worth about half a million dollars as well as a Patek Philippe watch worth several times that amount.