A global malware network responsible for the theft of $5.9 billion in Covid relief funds and tied to other crimes like child exploitation and bomb threats has been shut down, Department of Justice officials announced Wednesday.
The DOJ arrested 35-year-old YunHe Wang, a Chinese national who was charged with creating the “botnet,” a network of hacked devices connected by malware, which criminals can then use remotely to launch cyberattacks.
Federal Bureau of Investigation Director Christopher Wray said it is “likely the world’s largest botnet ever.”
From 2014 to 2022, Wang launched and operated the botnet, called “911 S5,” from roughly 150 servers worldwide, including some in the U.S., according to the indictment. 911 S5 hacked into over 19 million IP addresses in nearly 200 countries, about 614,000 of which were in the U.S., according to the DOJ.
Wang allegedly sold access to the compromised IP addresses to cybercriminals and amassed at least $99 million, which he used to buy luxury cars, watches and property around the world.
911 S5 was also used for fraud, stalking, harassment, illegal exportation of goods and other crimes, the DOJ said. In particular, the botnet targeted Covid relief programs and filed an estimated 560,000 false unemployment insurance claims, stealing $5.9 billion.
“The conduct alleged here reads like it’s ripped from a screenplay,” said Assistant Secretary for Export Enforcement Matthew S. Axelrod of the U.S. Department of Commerce’s Bureau of Industry and Security.
“What they don’t show in the movies though is the painstaking work it takes by domestic and international law enforcement, working closely with industry partners, to take down such a brazen scheme and make an arrest like this happen,” Axelrod added in his statement.
The DOJ partnered with the FBI and other law enforcement agencies internationally to dismantle the botnet and arrest Wang.
Wang faces a maximum 65-year prison sentence on four criminal counts: conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud and conspiracy to commit money laundering.
The charges come as U.S. law enforcement agencies try to update protocols to keep up with more sophisticated cybersecurity threats.
In recent years, the U.S. has expressed particular concern about China-backed hackers looking to subvert American infrastructure.
In January, the FBI announced that it had dismantled the Chinese “Volt Typhoon” hacking group, which had been targeting U.S. water plants, electric grids and more.
“Today, and literally every day, they’re actively attacking our economic security, engaging in wholesale theft of our innovation, and our personal and corporate data,” Wray said at a January hearing.