The US Department of Justice on Wednesday announced charges against a 35-year-old Chinese national, Yunhe Wang, accused of operating a massive botnet allegedly linked to billions of dollars in fraud, child exploitation and bomb threats, among other crimes.
Wang, identified by numerous pseudonyms (Tom Long and Jack Wan, among others), was arrested on May 24 and is accused of distributing malware through several emerging VPN services, such as “ProxyGate” and “MaskVPN,” and embedding viruses in Internet files distributed through peer-to-peer networks known as torrents.
The malware is said to have compromised computers located in almost every country in the world, turning them into proxy servers through which criminals could hide their identities while committing countless crimes. According to US prosecutors, this included the theft of billions of dollars intended for Covid-19 pandemic relief, funds allegedly stolen by foreign actors posing as unemployed US citizens.
According to an indictment, the infected computers allegedly provided Wang’s clients with a persistent backdoor, allowing them to disguise themselves as any of the victims of Wang’s malware. This illicit proxy service, known as “911 S5,” was launched as early as 2014, the US government says.
“The 911 S5 botnet infected computers in nearly 200 countries and facilitated a range of cybercrimes, including financial fraud, identity theft, and child exploitation,” says FBI Director Christopher Wray, who described the illicit service as “probably the world’s largest botnet ever created.”
The United States Department of the Treasury has also sanctioned Wang and two other individuals allegedly linked to 911 S5.
Wang is said to have amassed access to nearly 614,000 IP addresses in the US and more than 18 million more worldwide, collectively forming the botnet. 911 S5 customers were able to filter IPs geographically to choose where they would like to appear to be located, down to a specific US ZIP code, the DOJ claims.
The indictment claims that of the 150 dedicated servers used to manage the botnet, up to 76 were rented from US-based service providers, including the one that hosts the 911 S5 client interface, which allowed criminals abroad to purchase goods using stolen credit cards, in many cases for the purported purpose of circumventing U.S. export laws.
More than half a million fraudulent claims filed with pandemic relief programs in the United States are allegedly linked to 911 S5. According to the indictment, nearly $6 billion in losses have been linked to IP addresses captured by 911 S5. Many of the IP addresses have reportedly been linked to more insidious crimes, including bomb threats and trafficking in child sexual abuse material, or CSAM.
“Proxy services like 911 S5 are widespread threats that protect criminals behind the compromised IP addresses of residential computers around the world,” says Damien Diggs, US Attorney for the Eastern District of Texas, where a grand jury presented the charges against Wang earlier this year.
Adds Nicole Argentieri, head of the Criminal Division of the Department of Justice: “These criminals used the hijacked computers to hide their identities and commit a series of crimes, from fraud to cyberstalking.”
As of this writing, it is unclear whether these virtual spoofs have led to criminal investigations or charges against US-based victims whose IP addresses were hijacked as part of the 911 S5 botnet. WIRED is awaiting a response from the Department of Justice regarding this concern.
According to the Justice Department, law enforcement agencies in Singapore, Thailand and Germany collaborated with U.S. authorities to effect Wang’s arrest.
Wang faces charges of conspiracy, computer fraud, conspiracy to commit wire fraud and money laundering conspiracy, with a maximum penalty of 65 years in prison. The United States is also seeking to seize a mountain of cars and luxury goods allegedly owned by Wang, including a 2022 Ferrari Spider valued at approximately half a million dollars, as well as a Patek Philippe watch potentially worth several times that.