The American Justice Department (DOJ) has arrested Yunhe Wang, 35-year-old Chinese from St. Kitts and Nevis for the role he is believed to have played in a massive Botnet scam. Wang is accused of stealing over 19 million compromised private IP addresses and then selling them to other criminals.
Malware and Cybercrime Network
According to the May 29 indictment, Wang allegedly created and disseminated malware to build a network of compromised residential Windows computers worldwide. This network, known as the 911 S5 Botnet, affected over 19 million IP addresses.
Wang then sold these hijacked IP addresses to cybercriminals, facilitating a wide range of crimes, including financial fraud, identity theft, and child exploitation. The indictment also claims that between 2018 and July 2022, Wang earned around $99 million from selling the hijacked proxied IP addresses via his 911 S5 operation.
Additionally, the indictment lists numerous assets and properties to be seized. These include a 2022 Ferrari F8 Spider S-A, a BMW i8, a BMW X7 M50d, a Rolls Royce, more than a dozen domestic and international bank accounts, over two dozen cryptocurrency wallets, several luxury wristwatches, 21 residential or investment properties across Thailand, Singapore, the U.A.E., St. Kitts and Nevis, and the United States, and 20 domain names.
Financial Impact and Legal Actions
Blockchain analytics firm Chainalysis revealed that wallet addresses linked to Wang held over $130 million in digital assets earned through illicit activities. The 911 S5 Botnet provided deceptive free VPN services, which secretly hijacked users’ IP addresses.
This service generated millions of dollars annually through a subscription model. DOJ officials noted that 911 S5 customers also targeted pandemic relief programs, resulting in over $5.9 billion in fraudulent unemployment insurance claims.
A joint operation between law enforcement agencies in the United States, Singapore, Thailand, and Germany led to the seizure of 23 domains and over 70 servers supporting Wang’s operations. Authorities also confiscated $30 million in assets connected to the 911 S5 Botnet.
Also Read: U.S Senators Question DOJ on Tornado Cash Charges