A Chinese national has been arrested for his role in operating a residential proxy service that was used to defraud billions of dollars from the US government and fund his lavish lifestyle, which included purchasing cars and properties luxury goods worldwide, the Justice Department announced Wednesday. .
YunHe Wang, 35, was arrested on May 24 and charged with creating a vast network of hacked computer devices, also known as a “botnet,” used to carry out cyberattacks, fraud, exploitation of children, bomb threats and export violations. » alleged the ministry. Wang operated the botnet, called “911 S5,” on about 150 servers worldwide from 2014 to 2022, according to an indictment unsealed last week.
Approximately 76 of the servers were rented from U.S.-based online service providers, the indictment states. The botnet infected more than 19 million IP addresses in nearly 200 countries, including more than 613,000 IP addresses located in the United States, according to prosecutors.
The Justice Department’s announcement comes after Wang and his two co-conspirators, Jingping Liu and Yanni Zheng, were sanctioned by the Treasury Department for their alleged involvement in the malicious botnet. The department also imposed sanctions on three luxury companies owned or controlled by Wang.
Authorities also searched Wang’s residences and seized property valued at approximately $30 million, as well as identified other property valued at approximately another $30 million, prosecutors said.
“The behavior alleged here appears to be drawn from a script,” Matthew Axelrod, assistant secretary for export controls at the Commerce Department, said Wednesday. “A project to sell access to millions of malware-infected computers around the world, allowing criminals around the world to steal billions of dollars, transmit bomb threats and trade money. child exploitation material – then using the nearly $100 million in profits from the project to buy luxury cars, watches and real estate.
The Justice Department partnered with the FBI and international law enforcement in Singapore, Thailand and Germany to take down the botnet and arrest Wang. This case is the latest in the federal government’s ongoing efforts to thwart increasingly prevalent global cybercrime.
These crimes can range from intellectual property theft to ransomware and can cost businesses billions of dollars in losses in addition to threatening critical sectors across the country, according to the State Department. In recent years, federal authorities have expanded their international operations and partnerships between countries to better address cyber threats.
“Urgency and severity of cyberattacks”:The EPA is urging water utilities to protect the nation’s drinking water in the face of increasing cyberattacks.
The 911 S5 botnet is “probably the world’s largest botnet ever created”
FBI Director Christopher Wray said in a statement Wednesday that 911 S5 was “likely the largest botnet ever created in the world.” According to the indictment, Wang allegedly distributed his malware through virtual private network programs and pay-to-install services, which allowed him to manage and control the approximately 150 servers.
Paying customers then gained access to proxy IP addresses linked to the hacked devices, the indictment says. Cybercriminals used these addresses to hide their locations and “anonymously commit a wide range of crimes,” the Justice Department said.
“These offenses include financial crimes, stalking, making bomb threats and threats of harm, illegally exporting goods, and receiving and sending child exploitation material.” , according to the department. “Since 2014, 911 S5 has allegedly allowed cybercriminals to bypass financial fraud detection systems and steal billions of dollars from financial institutions, credit card issuers and federal lending programs.”
Specifically, the botnet targeted relief programs related to the COVID-19 pandemic and filed approximately 560,529 fraudulent unemployment insurance claims, according to the indictment. Federal authorities confirmed that more than $5.9 billion was stolen.
The indictment further alleged that Wang amassed approximately $99 million – either in cryptocurrency or fiat currency – through his sales of infected proxy IP addresses. He used the illicit proceeds to purchase assets and luxury properties.
Wang purchased property in the United States, St. Kitts and Nevis, China, Singapore, Thailand and the United Arab Emirates, according to the indictment. He also owned dozens of other assets, such as luxury cars, watches, international bank accounts and cryptocurrency wallets.
Wang was charged with conspiracy to commit wire fraud, substantial wire fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering. He faces a maximum sentence of 65 years in prison.
Cybercrime and COVID-related fraud in the United States
Cybercrime poses a “significant and growing threat” to the nation’s national and economic security, according to the State Department. As people become increasingly dependent on information and communications technology, the ministry said more criminals continue to turn to the Internet.
Wang’s arrest also comes amid a push by federal officials for organizations to update and follow cybersecurity guidelines. Federal agencies have issued several advisories for cyberattacks by foreign groups in recent years.
In January, the FBI and Department of Justice announced that they had “dismantled a botnet of hundreds of small office and home office routers based in the United States that had been hijacked” by hackers linked to China. The group, known as “Volt Typhoon,” targeted critical infrastructure organizations in the United States, such as water systems and power grids.
The increase in malicious cyber incidents coincides with the increase in online communications during the COVID-19 pandemic, according to a 2023 Cyber Threat Study. Citing FBI data, the study says cybercrime increased by 400% during the pandemic.
“Cybercriminals discover the uncertainty brought by changing daily habits and the increased virtual existence is converted into available attack vectors,” the study notes.
In the four years since the pandemic began, the Internal Revenue Service has investigated more than 1,600 tax and money laundering cases related to COVID-19 fraud, potentially worth ‘about $8.9 billion, the agency said in March. The cases included fraudulently obtained loans, credits and payments intended for American workers, families and small businesses under the Coronavirus Aid, Relief and Economic Security (CARES) Act.
Contributor: Josh Meyer, USA TODAY