Today’s villain can cause more chaos for the masses than The Joker could ever hope to achieve against Batman and the residents of Gotham City. In one fell swoop, a fraudster can hijack a network of internet-connected devices and use it for a wide range of malicious activities, such as sending spam messages, spreading viruses, launching denial-of-service attacks and supporting illegal websites, to name a few. The opportunities to destroy are endless. But that doesn’t mean the villain is invincible. On May 24, 2024, Yunhe Wang, 35, a People’s Republic of China national and St. Kitts and Nevis citizen-by-investment, was arrested in Thailand for the creation, deployment and operation of a botnet known as “911 S5”. $29 million in cryptocurrency was also seized from Wang’s residence, a drop in the bucket compared with the estimated losses generated by Wang’s botnet.
According to an indictment, from 2014 through July 2022, Wang allegedly created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide. These devices were associated with more than 19 million unique IP addresses, including 613,841 IP addresses located in the United States, all of which Wang sold to cybercriminals, allowing them to anonymously commit a wide array of offenses. These offenses included financial crimes, stalking, transmitting bomb threats and threats of harm, illegal exportation of goods, and receiving and sending child exploitation materials. Since 2014, Wang’s botnet allegedly enabled cybercriminals to bypass financial fraud detection systems and steal billions of dollars from financial institutions, credit card issuers, and federal lending programs. The opportunities with a botnet are endless.
Wang’s customers also allegedly targeted certain pandemic relief programs. For example, the United States estimates that 560,000 fraudulent unemployment insurance claims originated from compromised IP addresses, resulting in a confirmed fraudulent loss exceeding $5.9 billion. Additionally, in evaluating suspected fraud loss to the Economic Injury Disaster Loan (EIDL) program, the United States estimates that more than 47,000 EIDL applications originated from IP addresses compromised by Wang’s botnet.
Wang received approximately $99 million, in either cryptocurrency or fiat currency, from his sales of the hijacked proxied IP addresses through his 911 S5 operation. He used the money to purchase 21 properties in the United States, China, Singapore, Thailand, the United Arab Emirates and St. Kitts and Nevis.
Excellent job by the Justice Department in catching this villain.
Today’s Fraud of The Day is based on the article “Authorities arrest man allegedly running ‘likely world’s largest ever’ cybercrime botnet” published by the Associated Press on May 29, 2024.
An international law enforcement team has arrested a Chinese national and disrupted a major botnet that officials said he ran for nearly a decade, amassing at least $99 million in profits by reselling access to criminals who used it for identity theft, child exploitation, and financial fraud, including pandemic relief scams.
The U.S. Department of Justice quoted FBI Director Christopher Wray as saying Wednesday that the “911 S5” botnet — a network of malware-infected computers in nearly 200 countries — was likely the world’s largest.