Authorities arrest suspected cybercriminal behind world's largest botnet

WASHINGTON — An international law enforcement team arrested a Chinese national and dismantled a massive botnet that authorities said he ran for nearly a decade, racking up at least $99 million in profits in reselling access to criminals who used it for identity theft, child exploitation and financial fraud, including pandemic relief scams.

The U.S. Justice Department on Wednesday cited FBI Director Christopher Wray as saying the “911 S5” botnet, a network of malware-infected computers in nearly 200 countries, was “probably the largest in the world “.

The court said in a press release that Yunhe Wang, 35, was arrested on May 24. Wang was arrested in Singapore and search warrants were executed there and in Thailand, FBI Deputy Director for Cyber ​​Operations Brett Leatherman said in a LinkedIn post. . Authorities also seized $29 million in cryptocurrency, Leatherman said.

Learn more: Influencers are scamming their fans via crypto. Here's how their tactics have evolved.

Cybercriminals used Wang's network of zombie home computers to steal “billions of dollars from financial institutions, credit card issuers and account holders, and federal loan programs since 2014,” according to a indictment filed in the Eastern District of Texas.

The administrator, Wang, sold access to the 19 million Windows computers he hijacked – more than 613,000 in the United States – to criminals who “used this access to commit a staggering range of crimes that have victimized children, threatened human safety, and defrauded federal financial institutions and lending programs,” U.S. Attorney General Merrick Garland said in announcing the withdrawal.

Learn more: Why Gen Z is surprisingly susceptible to financial scams

He said criminals who purchased botnet access from Wang were responsible for more than $5.9 billion in estimated losses from fraud against humanitarian aid programs. Authorities estimated that 560,000 fraudulent unemployment insurance claims came from compromised IP addresses.

Wang allegedly ran the botnet through 150 dedicated servers, half of which were rented from online service providers based in the United States.

The indictment says Wang used his illicit gains to purchase 21 properties in the United States, China, Singapore, Thailand, the United Arab Emirates and St. Kitts and Nevis, where he obtained citizenship through investment.

In its press release, the Ministry of Justice thanked the police and other authorities in Singapore and Thailand for their assistance.