The Department of Justice officials recently announced the shut down of a global malware network that was responsible for the theft of $5.9 billion in Covid relief funds. The network was also tied to other crimes such as child exploitation and bomb threats. The main culprit behind this network was a 35-year-old Chinese national named YunHe Want, who was arrested by the DOJ. He was charged with creating a “botnet,” a type of malware that connects hacked devices to launch cyberattacks remotely. According to Federal Bureau of Investigation Director Christopher Wray, this botnet is likely the world’s largest ever seen.
Operations of the Botnet
From 2014 to 2022, Wang operated the botnet, known as “911 S5,” from approximately 150 servers worldwide. Some of these servers were located in the U.S. The botnet managed to hack into over 19 million IP addresses in nearly 200 countries, with about 614,000 of these IPs located in the U.S. The FBI released a guide to help users identify if their devices had been targeted by the 911 S5 attack and how to remove the malware. Wang allegedly sold access to compromised IP addresses to cybercriminals and gained at least $99 million, which he used to purchase luxury items and properties worldwide.
Aside from fraud, stalking, harassment, and illegal exportation of goods, 911 S5 was specifically used to target Covid relief programs. It is estimated that the botnet filed approximately 560,000 false unemployment insurance claims, resulting in the theft of $5.9 billion. This level of criminal activity was described by Assistant Secretary for Export Enforcement Matthew S. Axelrod as something out of a screenplay, but he emphasized the immense effort it took by domestic and international law enforcement agencies to bring down this scheme and make an arrest possible.
Arrest and Sanctions
The DOJ collaborated with the FBI and other law enforcement agencies globally to dismantle the botnet and apprehend Wang. This arrest occurred shortly after the Treasury Department sanctioned Wang and two others for their involvement with 911 S5. Additionally, sanctions were imposed on three companies owned or controlled by Wang. Wang faces a maximum 65-year prison sentence with charges including conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering.
These charges come at a time when U.S. law enforcement agencies are striving to update their protocols to combat more sophisticated cybersecurity threats. There is growing concern over Chinese-backed hackers targeting American infrastructure. In fact, the FBI announced the dismantling of the Chinese “Volt Typhoon” hacking group, which was engaged in targeting U.S. water plants and electric grids. FBI Director Wray highlighted the active cyberattacks on American economic security, theft of innovation, and data on a daily basis.
The shutdown of the global malware network responsible for the theft of billions in Covid relief funds underscores the importance of robust cybersecurity measures and international collaboration in combating cybercrime. The case serves as a stark reminder of the constant threat posed by cybercriminals and the necessity for law enforcement agencies to remain vigilant and adaptive in order to protect individuals and organizations from such malicious activities.
Leave a Reply