The US and Singaporean governments have dismantled what they called “possibly the world's largest botnet” and arrested its administrators.
The 911 S5 botnet gave cybercriminals a way to hide their identities while carrying out their various schemes.
The news was confirmed by FBI Director Christopher Wray, who said, “The FBI worked with our international partners to conduct coordinated, sequential cyber operations to dismantle the 911 S5 botnet, perhaps the largest botnet in the world. We arrested its administrator, Yunhe Wang, seized infrastructure and assets, and imposed sanctions against Wang and his co-conspirators.”
Millions of unique IPs
The news came hours after it was reported that the US government had imposed sanctions on three individuals and three companies for manufacturing and operating the 911 S5.
The individuals are Yunhe Wang, Jinping Liu and Yanni Chen, and the companies are Spicy Code Company Limited, Tulip Biz Pattaya Group Company Limited and Lily Sweets Company Limited, all owned by Yunhe Wang and registered in Thailand.
According to the US government, the group created a number of free VPN tools and made them available to the public, but installing and using them would infect devices with malware and join computers to a botnet.
The three then offered the botnet's services to various cybercriminals, who would use it to hide their online identities while carrying out various schemes. The U.S. government said that about two years ago, the botnet was used to make bomb threats across the United States.
The botnet reportedly had more than 19 million unique IP addresses, 600,000 of which were in the United States.
“king [..] “Wang managed and controlled approximately 150 dedicated servers around the world, approximately 76 of which were rented from U.S.-based online service providers,” the Justice Department said in a statement. “Using the dedicated servers, Wang deployed and managed applications, controlled and administered infected devices, operated the 911 S5 service, and provided paying customers with access to proxy IP addresses associated with the infected devices.”
Wang is suspected of making nearly $100 million by selling access to the botnet.
via Bleeping Computer