Botnet 911 S5: One of the largest botnets dismantled by the USA

The United States Department of Justice (DOJ) has taken a significant step in the field of cybersecurity by announcing the dismantling of one of the largest botnets in the world – the 911 S5 Botnet. According to the DOJ, this digital network has become a breeding ground for fraud, child exploitation, cyberattacks, and bomb threats. The operation's organizer, Yunhe Wang, a citizen of the People's Republic of China and a participant in the citizenship-by-investment program of Saint Kitts and Nevis, has been arrested.

The DOJ's activities are aimed at combating the botnet.

Van is accused of creating, managing, and maintaining an illegal proxy service known as "911 S5." This was established during an international law enforcement operation sanctioned by the court. The indictment, unsealed on May 24, covers the period from 2014 to July 2022. During this time, it is alleged that Van and his accomplices were able to compromise millions of computers running Windows using malware. In total, 19 million unique IP addresses were recorded, of which 613,841 were located in the United States. After the computers were taken over by the malware, Van and his team sold the data from these compromised IP addresses on the black market.

Attorney General Merrick Garland commented on the dismantling of the botnet, stating:"As a result of this operation, Yunhe Wang was arrested on charges of creating and operating a botnet, as well as distributing malware. This case clearly demonstrates that the law extends its reach beyond borders and is prepared to delve into the deepest shadows of the dark web, and the Department of Justice will never cease its fight against cybercriminals."

The use of proxies and malware

As a proxy access point, pirated versions of ostensibly legal software were used. Van and his team utilized virtual private network (VPN) programs to secretly deploy malware, disguising it as a package with other program files.

The use of illegal IP addresses for mass cybercrime

These IP addresses were used in various illegal activities. This included child exploitation, bomb threats, and large-scale fraud. Criminals used the obtained IP addresses to hide their original points and locations, creating a false trail for law enforcement that involved billions of dollars in fraud against financial institutions, lenders, and federal credit systems. According to sources in the U.S., 560,000 fake unemployment benefit claims were created, resulting in the theft of $5.9 billion in pandemic relief funds.

Moreover, Wan was supposed to receive $99 million, according to a declassified indictment, and planned to use these funds to purchase real estate in the U.S., St. Kitts and Nevis, China, Singapore, Thailand, and the United Arab Emirates. This Chinese citizen now faces the prospect of 65 years in prison on charges of conspiracy to commit computer fraud, substantial computer fraud, conspiracy to commit bank fraud, and money laundering. Nika M. Argentieri, the Chief Deputy Attorney General leading the Criminal Division of the Department of Justice, stated:“As stated in the indictment, Wang created malware that compromised millions of home computers worldwide and then sold access to these infected computers to cybercriminals.”