Most people know that cybercrimes are on the rise and that they have to be very careful online nowadays. However, the arrest of 35-year-old Chinese national YunHe Wang from Singapore has provided insights into how massive some of these criminal operations could be. In what could likely be the biggest botnet attack ever, 19 million devices were targeted globally, of which 613,841 IP addresses are in the US.

The arrest has been made by a court-authorized international law enforcement operation led by the US Justice Department. According to the Justice Department’s release, Wang has been arrested for criminal charges for deploying malware and the creation and operation of a residential proxy service “911 S5.”

Attorney General Merrick B. Garland said, “This Justice Department-led operation brought together law enforcement partners from around the globe to disrupt 911 S5, a botnet that facilitated cyber-attacks, large-scale fraud, child exploitation, harassment, bomb threats, and export violations.”

Wang allegedly used malware to compromise and amass a massive network of residential Windows computers across the world that he then used to make millions of dollars.

What Are Botnet Attacks?

A bot is malware that infects a computer which can then carry out commands under the remote control of the attacker without the authorization of the user who owns the device. The term botnet is formed from two terms – robot and network. When a single attacking party, often known as a “bot-herder,” forms a network of malware-infected systems it is known as a botnet. Bot-herders also often “rent” access to their botnet to unscrupulous elements and earn money in exchange. It’s kind of like running a decentralized datacenter off of the computers of malware victims.

The video below explains the concept of a botnet attack well if you’re interested in learning more.

What was allegedly carried out by Wang was a classical botnet attack. Where it stands out is the scale which FBI Director Christopher Wray said was “likely the world’s largest botnet ever.”

The indictment alleges that between 2018 and July 2022, Wang made almost $100 million by selling the hijacked proxied IP addresses and received payments in both cryptocurrencies and fiat currency.

The 911 S5 helped steal billions of dollars from federal lending programs, financial institutions, and credit card issuers. The total losses from the botnet attack likely exceed $1 billion. While Wang’s botnet was massive, it was far from the only major player that law enforcement officials are trying to track down.

Botnets have been a major challenge for law enforcement agencies. In its release, the Justice Department said that the US estimates “560,000 fraudulent unemployment insurance claims originated from compromised IP addresses, resulting in a confirmed fraudulent loss exceeding $5.9 billion.”


How Did Wang Pull Off the Botnet Scam?

Wang allegedly had a network of 150 dedicated servers, 76 of which were leased from US-based online service providers. He used his malware to infect millions of computers and then sold access to these infected systems to cybercriminals.

In its release, the Justice Department said, “These criminals used the hijacked computers to conceal their identities and commit a host of crimes, from fraud to cyberstalking.”

According to the Justice Department, Wang’s 911 S5 botnet, which was hosted on servers based in the US, enabled cybercriminals located outside of the country to purchase goods with money from criminal activities and stolen credit cards, and illegally export them outside the US. The activity also flagrantly broke the country’s export laws including the Export Administration Regulations (EAR).

Meanwhile, Wang used the money from his botnet scam to acquire properties in the US, China, St. Kitts and Nevis, Thailand, Singapore, and the United Arab Emirates. Apart from these real estate assets, the indictment has identified assets like multiple luxury cars, several luxury wristwatches, over a dozen bank accounts, and more than two dozen cryptocurrency wallets, which are all subject to forfeiture. The FBI and its partners also seized $29 million in cryptocurrencies.

Wang has been charged with conspiracy to commit computer fraud, conspiracy to commit wire fraud, substantive computer fraud, and conspiracy to commit money laundering. He faces up to 65 years in prison if convicted on all counts, and he likely could be charged for even more crimes if the DOJ deems it necessary.

Botnet Attacks Have Been on a Rise: How to Protect Yourself?

While the scale of Wang’s botnet attack is mindboggling, these have been on the rise. In 2022, human-initiated bot attacks rose 57% in North America while automated bot attacks rose 32%.

There are several ways we can try to fend off botnet attacks. These include

  • Keep the systems up to date and install all updates when available
  • Install strong antivirus and antimalware tools and keep them updated
  • Use strong passwords and wherever possible deploy multi-factor authentication
  • Be careful while opening suspicious emails, especially those with attachments.

While none of these strategies might be 100% foolproof they are still the beginning block for anyone who wants to safeguard their device against botnet attacks.