In a recent global law enforcement operation, authorities dismantled a colossal botnet that had been operating for nearly a decade. The U.S. Justice Department has accused YunHe Wang, a 35-year-old from the People’s Republic of China, of creating and spreading malware that infected millions of Windows computers worldwide. This malware formed a vast botnet known as 911 S5. Wang allegedly sold access to the compromised IP addresses to other cybercriminals, amassing millions of dollars.
Court documents reveal that Wang facilitated this by offering a free virtual private network (VPN), allowing users to hide their traffic, and bundling the malware with pirated software downloads. Cybercriminals who purchased access from Wang reportedly used these compromised computers for various illegal activities, including cyberattacks, fraud, online harassment, child exploitation, export violations, and bomb threats. The indictment claims that Wang's operations generated around $99 million in sales from 2018 to mid-2022, enabling him to acquire numerous assets globally, including 21 properties, several vehicles, and cryptocurrency wallets.
The 911 S5 botnet is also implicated in the theft of billions from financial institutions, credit card companies, and federal lending programs, as well as fraudulent claims on pandemic relief funds. Law enforcement discovered the operation when IP addresses bought from 911 S5 were used with stolen credit card information to make purchases on ShopMyExchange, the Army and Air Force Exchange Service’s e-commerce platform. Following an international investigation, Wang faces charges of conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering. If convicted on all counts, he could face up to 65 years in prison.
Understanding Botnets
A botnet is a network of internet-connected computers and devices that cybercriminals control without the owners' knowledge. These botnets can be used for various malicious purposes, such as launching cyberattacks, performing credential stuffing (attempting to break into accounts using lists of stolen usernames and passwords), and mining cryptocurrency. Essentially, botnets hijack numerous devices to carry out activities that the actual owners would never approve of.
Lessons from the 911 S5 Botnet
Download Software from Legitimate Sources
Always ensure that you download software from reputable and verifiable sources. Remember, nothing is truly free; there's always a hidden cost. In this case, users who downloaded the "free" VPN had their devices co-opted for criminal activities. If you suspect that your device is compromised, it's crucial to remove any applications linked to 911 S5. The FBI has provided guidance on how to do this.
Beware of Shadow IT in Your Business
While 911 S5 primarily targeted personal users, it’s not far-fetched to consider that an employee might have installed similar malicious software on a work computer. It’s vital to ensure your team doesn’t install unauthorized software and instead relies on IT support for their needs. Unauthorized software can lead to operational and legal issues, including being part of a botnet.
If you need IT assistance, we're here to help. Business Solutions & Software Group supports businesses in South Florida with all aspects of information technology, ensuring smooth and secure operations. Contact us at (954) 575-3992 to learn more.