- Yunhe Wang is accused of running 911 S5, which infected 19 million computers
- Wang, 35, was arrested in Singapore earlier this month.
- He spent much of his earnings on luxury cars and a property in the Caribbean.
The FBI, along with many other government agencies, took down the world’s largest botnet farm and arrested its ringleader, the Justice Department said in a statement Wednesday.
Yunhe Wang, 35, is accused of running 911 S5, which infected about 19 million computers worldwide and more than 600,000 in the United States alone. The scam started in 2018 and lasted until 2022.
Wang would then sell access to those infected computers to criminals who would then use them for crimes as vile as child exploitation, as well as identity theft and fraud, earning about $99 million in the process, officials said.
The criminals Wang sold access to also attempted to steal around $5.9 billion in Covid-19 relief funds from the US government.
The indictment says Wang used his ill-gotten gains to purchase 21 properties in the United States, China, Singapore, Thailand, the United Arab Emirates and St. Kitts and Nevis, where he says he gained citizenship through an investment.
Wang’s website domain has been seized in what federal officials have called Operation Rat Tunnel.
Among the toys Wang purchased with his ill-gotten gains were a 2022 Ferrari F8 Spider SA, a BMW i8, a BMW X7 M50d and a Rolls Royce, all of which have been seized by the US government.
Wang was arrested in Singapore and search warrants were executed there and in Thailand, FBI Deputy Assistant Director for Cyber Operations Brett Leatherman said in a LinkedIn post.
Authorities also seized $29 million in cryptocurrency, Leatherman said.
In 2022, 911 S5 was discovered as a botnet and repackaged as CloudRouter, officials said.
The suspect is awaiting extradition from Singapore to the United States, where he could face up to 65 years in prison on charges of conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud and conspiracy to commit money laundering.
Two of Wang’s associates, Jingping Liu and Yanni Zheng, have been sanctioned by the US government for their role in the crime.
Cybercriminals used Wang’s network of zombie home computers to steal “billions of dollars from financial institutions, credit card issuers and account holders, and federal loan programs since 2014,” according to an indictment filed in the Eastern District of Texas.
The administrator, Wang, sold access to the 19 million Windows computers he had hijacked – more than 613,000 in the United States – to criminals.
Those criminals, in turn, “used that access to commit a staggering array of crimes that victimized children, threatened the safety of people, and defrauded financial institutions and federal lending programs,” said U.S. Attorney General Merrick Garland.
It said criminals who purchased zombie network access from Wang were responsible for more than $5.9 billion in estimated losses due to fraud against aid programs.
Authorities estimated that 560,000 fraudulent unemployment insurance claims originated from compromised IP addresses.
Wang allegedly managed the botnet through 150 dedicated servers, half of them rented from US-based online service providers.
In its press release, the Justice Department thanked police and other authorities in Singapore and Thailand for their help.