U.S. and international law enforcement agencies have dismantled what may be the world’s largest botnet, arresting its mastermind, YunHe Wang, and seizing over $30 million in assets. According to the May 29 indictment, the 35-year-old People’s Republic of China national was allegedly involved in a nefarious web of crimes from 2014 to 2022, turning everyday browsing into a hidden battlefield.
“This Justice Department-led operation brought together law enforcement partners from around the globe to disrupt 911 S5, a botnet that facilitated cyber-attacks, large-scale fraud, child exploitation, harassment, bomb threats, and export violations,” Attorney General Merrick B. Garland explained. “As a result of this operation, YunHe Wang was arrested on charges that he created and operated the botnet and deployed malware. This case makes clear that the long arm of the law stretches across borders and into the deepest shadows of the dark web, and the Justice Department will never stop fighting to hold cyber criminals to account.”
The botnet, known as 911 S5, compromised millions of residential Windows computers worldwide, affecting over 19 million IP addresses. By offering hijacked IP addresses to cybercriminals for a fee, Wang’s operation became a gateway for various crimes, including identity theft and financial fraud. Notably, investigators linked approximately 560,000 fraudulent unemployment insurance claims worth over $5.9 billion and numerous credit card security breaches to compromised IP addresses facilitated by the botnet.
In a joint effort involving agencies from the United States, Singapore, Thailand, and Germany, authorities conducted coordinated raids, seizing 23 domains and over 70 servers that constituted the backbone of Wang’s operations. Among the assets seized were luxury cars, including a 2022 Ferrari F8 Spider and a BMW i8, and real estate across several countries. These tangible symbols of Wang’s illicit wealth were just a part of the extensive cybercrime empire he built over nearly a decade.
“Proxy services like 911 S5 are pervasive threats that shield criminals behind the compromised IP addresses of residential computers worldwide,” U.S. Attorney Damien M. Diggs for the Eastern District of Texas remarked. “Successfully tackling a problem of this scale is only possible with strong collaboration and exceptional investigative work between our law enforcement partners at home and abroad, and we stand ready to hold accountable anyone—no matter where they are located—who exploits our telecommunications infrastructure for their own criminal purpose.”
Wang faces several charges, including conspiracy to commit computer fraud and money laundering, with potential penalties amounting to 65 years in prison if convicted. “The scale of Wang’s operation and its global impact are unprecedented,” stated U.S. Attorney Damien M. Diggs. “This case underscores the sophisticated nature of cybercrime and the persistent threat it poses to financial and personal security worldwide.”
Meanwhile, the Treasury Department’s Office of Foreign Assets Control (OFAC) issued sanctions against Wang and co. on May 28 for their crimes. “These individuals leveraged their malicious botnet technology to compromise personal devices, enabling cybercriminals to fraudulently secure economic assistance intended for those in need and to terrorize our citizens with bomb threats,” remarked Under Secretary Brian E. Nelson. “Treasury, in close coordination with our law enforcement colleagues and international partners, will continue to take action to disrupt cybercriminals and other illicit actors who seek to steal from U.S. taxpayers.”