The zombie computer network 911 S5 It has been dismantled after the arrest of the Chinese citizen who operated it. Christopher WrayDirector of the FBI, has described it as 'the botnet biggest in the world' and has been operational for almost a decade, generating at least $99 million in profit, being used for criminal activities such as fraud, identity theft and child exploitationamong other.
A zombie computer network is made up of infected devices, without the legitimate owners being aware of it, and which are remotely controlled for whatever purposes the attacker desires. In this case, Yun He Wang, 35 years old, gave access to criminals, in exchange for a fee, who used it for different purposes. This extensive botnet spread in more than 190 countries and included more than 19 million computers.
As reported by the United States Department of Justice, Wang's arrest took place on May 24 thanks to collaboration with Singapore, Thailand and Germany. 'This operation, led by the Department of Justice, brought together law enforcement partners from around the world to disrupt 911 S5, a botnet that facilitated cyberattacks, large-scale fraud, child exploitation, harassment, bomb threats, and export violations', has assured the attorney general Merrick B. Garland in the press release.
911 S5 Botnet Dismantled and Its Administrator Arrested in Coordinated International Operation
Botnet Infected Over 19M IP Addresses to Enable Billions of Dollars in Pandemic and Unemployment Fraud, and Access to Child Exploitation Materials
🔗: https://t.co/sEdzhDoHflpic.twitter.com/R5UBMsOX6n
— US Department of Justice (@TheJusticeDept) May 29, 2024
To capture computers that he could use in his botnet, Wang spread his malware through VPN programs such as MaskVPN and DewVPN and pay-per-install services that They included their malware with other program filesincluding pirated versions of licensed software.
To control the network, Wang managed around 150 servers, of which 76 were contracted to suppliers based in the United States. Of the 19 million infected PCs, an estimated 600,000 are in this country.
Wang, who started operating the network in 2014, has used his profits to buy luxury cars and properties in the United States, Saint Kitts and Nevis, China, Singapore, Thailand and the United Arab Emirates. The operation has also seen Wang's assets valued at 30 million dollars and identify other properties for a similar value.
The 911 S5 network temporarily stopped its activity in 2022, when an investigation identified Wang as the person responsible. However, shortly after it re-emerged with another name, CloudRouter, offering the same services.
Wang faces charges of conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud and conspiracy to commit money laundering. If he is convicted of all of them, he could face up to 65 years in prison.