The FBI along with numerous other government agencies have brought down the biggest botnet farm in the world and arrested its ringleader, the Department of Justice said in a statement Wednesday.
Yunhe Wang, 35, is accused of running 911 S5, which infected around 19 million computers worldwide and over 600,000 in the US alone. The scam began in 2018 and lasted until 2022.
Wang would then sell access to those infected computers to criminals who then used it for crimes as vile as child exploitation as well as identity theft and fraud, making around $99 million in the process officials said.
The criminals that Wang sold access too even attempted to steal around $5.9 billion in Covid-19 relief funds from the US government.
The indictment says Wang used his illicit gains to purchase 21 properties in the United States, China, Singapore, Thailand, the United Arab Emirates and St. Kitts and Nevis, where it said he obtained citizenship through investment.
The domain for Wang's website has been seized in what federal officials have called Operation Tunnel Rat
Among the luxury items seized by authorities included a Ferrari F8 Spider, similar to this one
Among the toys that Wang bought with his illicit gains included a a 2022 Ferrari F8 Spider S-A, a BMW i8, a BMW X7 M50d and a Rolls Royce, all of which have been seized by the US government.
Wang was arrested in Singapore, and search warrants were executed there and in Thailand, the FBI´s deputy assistant director for cyber operations, Brett Leatherman, said in a LinkedIn post.
Authorities also seized $29 million in cryptocurrency, Leatherman said.
In 2022, 911 S5 was outed as a botnet and repackaged as CloudRouter, officials said.
The suspect is awaiting extradition from Singapore to the US where he could face up to 65 years in prison on charges of conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud and conspiracy to commit money laundering.
Two of Wang's associates, Jingping Liu and Yanni Zheng, have been sanctioned by the US government for their roles in the crime.
Cybercriminals used Wang's network of zombie residential computers to steal 'billions of dollars from financial institutions, credit card issuers and accountholders, and federal lending programs since 2014,' according to an indictment filed in Texas´ eastern district.
The administrator, Wang, sold access to the 19 million Windows computers he hijacked - more than 613,000 in the United States - to criminals.
Those criminals in turn 'used that access to commit a staggering array of crimes that victimized children, threatened people´s safety and defrauded financial institutions and federal lending programs,' U.S. Attorney General Merrick Garland said.
He said criminals who purchased access to the zombie network from Wang were responsible for more than $5.9 billion in estimated losses due to fraud against relief programs.
Those criminals in turn 'used that access to commit a staggering array of crimes that victimized children, threatened people´s safety and defrauded financial institutions and federal lending programs,' U.S. Attorney General Merrick Garland said
Officials estimated 560,000 fraudulent unemployment insurance claims originated from compromised IP addresses.
Wang allegedly managed the botnet through 150 dedicated servers, half of them leased from U.S.-based online service providers.
In its news release, the Justice Department thanked police and other authorities in Singapore and Thailand for their assistance.