Authorities arrest man accused of running ‘likely world’s largest ever’ cybercrime botnet

  • Comments
  • Print
Listen to this story

Subscriber Benefit

As a subscriber you can listen to articles at work, in the car, or while you work out. Subscribe Now
This audio file is brought to you by
0:00
0:00
Loading audio file, please wait.
  • 0.25
  • 0.50
  • 0.75
  • 1.00
  • 1.25
  • 1.50
  • 1.75
  • 2.00

An international law enforcement team has arrested a Chinese national and disrupted a major botnet that officials said he ran for nearly a decade, amassing at least $99 million in profit by reselling access to criminals who used it for identity theft, child exploitation and financial fraud, including pandemic relief scams.

The U.S. Department of Justice quoted FBI Director Christopher Wray as saying Wednesday that the “911 S5” botnet—a network of malware-infected computers in nearly 200 countries—was likely the world’s largest.

Justice said in a news release that Yunhe Wang, 35, was arrested May 24. Wang was arrested in Singapore, and search warrants were executed there and in Thailand, the FBI’s deputy assistant director for cyber operations, Brett Leatherman, said in a LinkedIn post. Authorities also seized $29 million in cryptocurrency, Leatherman said.

Cybercriminals used Wang’s network of zombie residential computers to steal “billions of dollars from financial institutions, credit card issuers and accountholders, and federal lending programs since 2014,” according to an indictment filed in Texas’ eastern district.

The administrator, Wang, sold access to the 19 million Windows computers he hijacked—more than 613,000 in the United States—to criminals who “used that access to commit a staggering array of crimes that victimized children, threatened people’s safety and defrauded financial institutions and federal lending programs,” U.S. Attorney General Merrick Garland said in announcing the takedown.

He said criminals who purchased access to the zombie network from Wang were responsible for more than $5.9 billion in estimated losses due to fraud against relief programs. Officials estimated 560,000 fraudulent unemployment insurance claims originated from compromised IP addresses.

Wang allegedly managed the botnet through 150 dedicated servers, half of them leased from U.S.-based online service providers.

The indictment says Wang used his illicit gains to purchase 21 properties in the United States, China, Singapore, Thailand, the United Arab Emirates and St. Kitts and Nevis, where it said he obtained citizenship through investment.

In its news release, the Justice Department thanked police and other authorities in Singapore and Thailand for their assistance.

Please enable JavaScript to view this content.

Story Continues Below

Editor's note: You can comment on IBJ stories by signing in to your IBJ account. If you have not registered, please sign up for a free account now. Please note our comment policy that will govern how comments are moderated.

Get the best of Indiana business news. ONLY $1/week Subscribe Now

Get the best of Indiana business news. ONLY $1/week Subscribe Now

Get the best of Indiana business news. ONLY $1/week Subscribe Now

Get the best of Indiana business news. ONLY $1/week Subscribe Now

Get the best of Indiana business news.

Limited-time introductory offer for new subscribers

ONLY $1/week

Cancel anytime

Subscribe Now

Already a paid subscriber? Log In

Get the best of Indiana business news.

Limited-time introductory offer for new subscribers

ONLY $1/week

Cancel anytime

Subscribe Now

Already a paid subscriber? Log In

Get the best of Indiana business news.

Limited-time introductory offer for new subscribers

ONLY $1/week

Cancel anytime

Subscribe Now

Already a paid subscriber? Log In

Get the best of Indiana business news.

Limited-time introductory offer for new subscribers

ONLY $1/week

Cancel anytime

Subscribe Now

Already a paid subscriber? Log In