US Justice Department arrests Chinese national for involvement in large-scale botnet scam

The U.S. Department of Justice (DOJ) has arrested Yune Wang, a 35-year-old citizen of the People’s Republic of China and St. Kitts and Nevis, for his alleged role in a massive botnet scam.

According to the indictment, Wang is accused of creating and distributing malware that compromised a network of millions of Windows computers worldwide. This network, known as the 911 S5 botnet, is believed to have affected more than 19 million IP addresses between 2014 and 2022.

Selling hijacked IP addresses for crypto

Wang is suspected of selling hijacked IP addresses to cybercriminals for cryptocurrencies. Victims were located in more than 200 countries and the botnet’s activities facilitated a variety of computer crimes, including financial fraud, identity theft and child exploitation.

An analysis by blockchain analytics firm Chainalysis shows that wallet addresses linked to Wang hold more than $130 million in digital assets obtained through illegal commissions. Chainalysis states that the 911 S5 botnet provided its services by distributing deceptive free VPN services, which actually hijacked the IP addresses of millions of victims. This allowed 911 S5 administrators to make millions of dollars a year from a subscription service that gave cybercriminals access to their victims’ IP addresses.

More than half a million fraudulent unemployment claims via compromised IP addresses

DOJ law enforcement officials stated that 911 S5 customers also targeted certain pandemic relief programs. For example, 560,000 fraudulent unemployment claims allegedly originated from compromised IP addresses, resulting in a confirmed fraudulent loss of more than $5.9 billion.

In a joint operation with law enforcement officials from the United States, Singapore, Thailand and Germany, 23 domains and 70 servers that formed the backbone of Wang’s operations were seized. Also, $30 million in assets associated with 911 S5 were confiscated.