News
Chinese national charged with operating ‘world’s largest botnet’ linked to billions in cybercrimes
Colonial Pipeline hack only latest in rising ransomware threats
Hackers hit hundreds of critical systems last year and watchdogs say we’re not doing enough head off more.
STAFF VIDEO, USA TODAY
A Chinese national has been arrested for his role in operating a residential proxy service that was used to defraud billions of dollars from the U.S. government and fund his lavish lifestyle, which included buying luxury cars and property around the world, the Department of Justice announced Wednesday.
YunHe Wang, 35, was arrested on May 24 and charged with creating a massive network of hijacked computer devices, also known as a “botnet,” that was used to conduct cyber attacks, fraud, child exploitation, bomb threats, and export violations, the department alleged. Wang administered the botnet, called “911 S5,” through about 150 servers worldwide from 2014 to 2022, according to an indictment unsealed last week.
About 76 of the servers were leased from online service providers based in the United States, the indictment said. The botnet infected over 19 million IP addresses in nearly 200 countries, including over 613,000 IP addresses located in the United States, according to prosecutors.
The Justice Department announcement comes after Wang and his two co-conspirators, Jingping Liu and Yanni Zheng, were sanctioned by the Department of Treasury for their alleged involvement with the malicious botnet. The department also imposed sanctions on three luxury companies Wang owned or controlled.
Authorities also searched Wang’s residences and seized assets valued at about $30 million as well as identifying other property valued at roughly an additional $30 million, prosecutors said.
“The conduct alleged here reads like it’s ripped from a screenplay,” Matthew Axelrod, assistant secretary for export control at the Department of Commerce, said in a statement Wednesday. “A scheme to sell access to millions of malware-infected computers worldwide, enabling criminals over the world to steal billions of dollars, transmit bomb threats, and exchange child exploitation materials — then using the scheme’s nearly $100 million in profits to buy luxury cars, watches, and real estate.”
The Department of Justice partnered with the FBI and international law enforcement agencies in Singapore, Thailand, and Germany to dismantle the botnet and arrest Wang. The case is the latest in the federal government’s ongoing effort to thwart global cybercrime, which has become increasingly widespread.
These crimes can range from intellectual property theft to ransomware and can cost businesses billions of dollars in losses in addition to threatening critical sectors across the country, according to the Department of State. In recent years, federal authorities have expanded their international operations and country-to-country partnerships in order to better address cyber threats.
‘Urgency and severity of cyberattacks’: EPA urges water utilities to protect nation’s drinking water amid heightened cyberattacks
911 S5 Botnet ‘likely the world’s largest botnet ever’
FBI Director Christopher Wray said in a statement Wednesday that 911 S5 is “likely the world’s largest botnet ever.” According to the indictment, Wang allegedly spread his malware through Virtual Private Network programs and pay-per-install services, which allowed him to manage and control the roughly 150 servers.
Paying customers were then given access to proxied IP addresses that were linked to the hacked devices, the indictment said. Cybercriminals used those addresses to hide their locations and “anonymously commit a wide array of offenses,” the Department of Justice alleged.
“These offenses including financial crimes, stalking, transmitting bomb threats and threats of harm, illegal exportation of goods, and receiving and sending child exploitation materials,” according to the department. “Since 2014, 911 S5 allegedly enabled cybercriminals to bypass financial fraud detection systems and steal billions of dollars from financial institutions, credit card issuers, and federal lending programs.”
Specifically, the botnet targeted COVID-19 pandemic relief programs and filed an estimated 560,529 fraudulent unemployment insurance claims, according to the indictment. Federal authorities confirmed that more than $5.9 billion was stolen as a result.
The indictment further alleged that Wang had amassed about $99 million — either in cryptocurrency or fiat currency — from his sales of the infected proxied IP addresses. He used the illicit proceeds to purchase luxury assets and property.
Wang bought property in the United States, St. Kitts and Nevis, China, Singapore, Thailand, and the United Arab Emirates, according to the indictment. He also had dozens of other assets, such as luxury cars, watches, international bank accounts, and cryptocurrency wallets.
Wang was charged with conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering. He faces a maximum of 65 years in prison.
Cybercrime, COVID fraud in the U.S.
Cybercrime is a “significant and growing threat” to the country’s national and economic security, according to the State Department. As people become more dependent on information and communication technologies, the department said more criminals continue to shift online.
Wang’s arrest also comes amid a push from federal officials for organizations to update and follow cybersecurity guidelines. Federal agencies have issued multiple advisories for cyberattacks committed by foreign groups in recent years.
In January, the FBI and Department of Justice announced that they had “disrupted a botnet of hundreds of U.S.-based small office/home office routers hijacked” by China-linked hackers. The group, known as “Volt Typhoon,” targeted critical infrastructure organizations in the United States, such as water systems and electric grids.
The surge in malicious cyber incidents coincides with the rise in online communication during the COVID-19 pandemic, according to a 2023 cyberthreat study. Citing FBI data, the study said cybercrime increased by 400% during the pandemic.
“Cybercriminals find the uncertainty brought by changing daily habits opportune and the increased virtual existence is converted into available attack vectors,” the study noted.
In the four years since the onset of the pandemic, the Internal Revenue Service has investigated over 1,600 tax and money laundering cases related to COVID-19 fraud potentially worth about $8.9 billion, the agency said in March. Cases included fraudulently obtained loans, credits and payments meant for U.S. workers, families and small businesses under the Coronavirus Aid, Relief and Economic Security, or CARES, Act.
Contributing: Josh Meyer, USA TODAY
U.S. President Donald Trump pumps his fist after touring the inside of the newest aircraft in the presidential fleet at Andrews Air Force Base on June 19, 2026 at Joint Base Andrews, Maryland.
Alex Wong
/Getty Images
hide caption
toggle caption
Alex Wong
/Getty Images
The newest Air Force One jet, gifted to President Trump from the Qatari government, arrived ahead of schedule on Friday to Joint Base Andrews in Maryland.
On Friday afternoon, Trump toured the luxury Boeing 747 plane that initially stirred controversy. The plane was one of the biggest foreign gifts ever received by the U.S. government and raised legal and ethical questions after Qatar offered to replace the presidential jet last year. Trump said last May he’d be “stupid” not to accept the offer. Industry groups originally said the plane could be worth approximately $400 million.
Trump also spoke standing in front of the plane, thanking the Emir of Qatar.
The president praised the workmanship of the plane, describing it as the “world’s most luxurious plane.” He also called it the “largest Air Force One ever built,” adding “it flies further and faster than any Air Force One.”
“This plane was transformed into a flying White House at a level of luxury that nobody’s ever seen before, probably even almost outside of an airplane,” Trump said. “Nobody’s ever seen anything like this, and in only 10 months, a timeframe no one thought possible.”
The exterior of the jet is no longer light blue, silver, and white – a fixture since the Kennedy administration. Trump unveiled the new red, white and blue color scheme.
“It was time for a change. … Everything was designed good. It was my taste,” Trump said saying that he approved the new color scheme, which reflects the American flag.
The VC-25B Bridge aircraft will now undertake its commissioning flights, what the Air Force calls a “final exam” for the plane. The plane was modified after serving the Qatari Head of State.
“Once these flights are successfully completed, the aircraft is officially ‘commissioned’ into the active executive airlift fleet and becomes available for presidential missions,” an Air Force press release said.
The aircraft from Qatar will “serve as a bridge until the [long-term] VC-25B is delivered,” according to earlier communications from the Air Force. The plane was delivered well before expectations. The Air Force originally estimated the plane would be delivered in 2028 but said by modifying requirements it could deliver the first aircraft in 2027. The modifications “were carefully crafted to prioritize mission over aesthetics, leaving much of the previous head of state interior layout minimally changed,” the Air Force said.
Air Force Chief of Staff Gen. Ken Wilsbach praised the delivery.
“Many thought it could not be done, but the United States Air Force was able to execute and provide a secure, reliable airborne command post on an accelerated timeline,” he said.
Algae turns the newly repainted Lincoln Memorial Reflecting Pool green on the National Mall on Tuesday in Washington, DC.
Chip Somodevilla/Getty Images
hide caption
toggle caption
Chip Somodevilla/Getty Images
WASHINGTON — The Lincoln Memorial reflecting pool is once again making headlines, this week for turning green.
The Washington, D.C. landmark was refilled with water earlier this month after President Trump had its neutral grey bottom repainted “American flag blue.” The multi-million dollar project produced subtle results in the eyes of many observers, even as Trump and Secretary of the Interior Doug Burgum — whose agency managed the renovation — touted its success.
In recent days, however, the pool has taken on a verdant hue — the result of algae blooms that experts say are to be expected in these conditions.
“It’s called ‘New Pond Syndrome,’” says Steve Goodale, a Canadian swimming pool specialist known online as “Swimming Pool Steve.” “It’s a known thing that happens when you take a natural, clear body of water like this that sits in an open air environment and you try to start it up, very often you end up with green water almost immediately.”
Goodale says the process took longer — a matter of days — to unfold in this case likely due to the sheer size of the pool, which measures 2,030 feet long and has a surface area of approximately 338,000 square feet.
“Excellent conditions” for algae growth
Rosalina Stancheva Christova, a professor of aquatic ecology at George Mason University in Virginia, took water samples from the pool on Tuesday. She confirmed the algae belongs to the genus Desmodesmus, which she said is “growing in excessive amounts” but is not toxic or harmful.
Christova says this kind of common green algae is found all over the region, especially this time of year. The reflecting pool in particular provides “excellent conditions” for algae growth, she said: shallow, stagnant water, strong sunlight and no shade.
“It could happen every single summer,” she added. “But it seems that the disturbance of the pond during the renovations [is] accelerating this process.”
Christova said last month’s renovations may have affected the balance of nutrients in the pool, potentially accelerating the algae blooms. Goodale similarly views the resurfacing as one of several contributing factors.
“The new, darker interior surface is going to absorb more sunlight,” Goodale says. “It is going to result in water that’s warmer, and that ultimately is going to lead to more prolific algae growth.”
A microscopic slide shows the Desmodesmus algae that quickly turned the Reflecting Pool’s water green. The new dark blue paint of the pool’s lining makes the water warmer and friendlier to the algae growth.
Rosalina Stancheva Christova, PhD.
hide caption
toggle caption
Rosalina Stancheva Christova, PhD.
The Trump administration has said the algae came from residual material in supply lines that had lain dormant for weeks. Their growth was likely exacerbated by the extreme temperatures that hit D.C. last week, bringing heat index values to 95 degrees and above.
Algae has resurfaced in the reflecting pool periodically over the years — including immediately after it reopened from its last major renovation in 2012, forcing the National Park Service to drain it, refill it and recalibrate its ozone level. And in 2019, crews had to drain four million gallons from the pool to fix a broken water line that had algae growing in it.
An Interior Department spokesperson told NPR over email that algae and other contaminants have “long plagued the Reflecting Pool since 1922,” pointing to the Obama-era renovation as an example.
“Unlike under Obama and Biden, the National Park Service is actually maintaining the beautifully completed Reflecting Pool,” they added.
Responding with tiny bubbles and big vacuums
Workers battle the fast-growing common algae in the Lincoln Memorial Reflecting Pool on Thursday.
Rachel Treisman/NPR
hide caption
toggle caption
Rachel Treisman/NPR
The Trump administration is using a mix of mitigation strategies, including pouring hydrogen peroxide into the water to kill the algae.
The Interior Department says hydrogen peroxide is a “milder treatment than chlorine and is used in spas and specialty pools like natural swimming pools,” adding “there are no harmful side effects to marine life or to the environment.”
Workers are also deploying what the department calls “high-tech nanobubble ozone technology” to neutralize algae and other pathogens in the pool. The department says that approach is validated by several universities and the National Oceanic & Atmospheric Administration.
Those ozone bubbles are so tiny the human eye can’t even see them, Goodale says.
“The best way to describe it is that the bubbles are neutrally buoyant, so they won’t just rise to the surface and disappear readily,” he explains. “They can last for weeks, if not months in the water, doing their oxidizing thing and keeping the algae at bay.”
‘A monumental effort’
Goodale says it’s more complicated than treating the average backyard swimming pool, since the reflecting pool — despite its name — is actually more akin to a “manmade shallow lake.” He says it’s hard to predict just how long it will take to completely solve the algae problem, calling it “a monumental effort, literally.”
The Interior Department posted on X Wednesday that the nanobubble technology had “very effectively killed the algae,” and National Park Service crews would spend several days vacuuming up the dead algae from the bottom of the pool.
But as of Thursday morning, much of the pool — especially in the center — was still bright green.
Work continued on both ends of the pool. Nanobubble machines deposited their tubes into the water, as mobile vacuuming systems known as “trash pumps” hummed loudly from the shore. Handfuls of workers stood either in the pool or on the edge maneuvering long-handled vacuums back and forth. Their contents, including pistachio-colored water, poured out of hoses laying in the nearby grass.
The work zones were marked off by orange cones, but passersby walking the length of the pool appeared relatively unfazed. Some stopped to peer down and snap pictures of the water itself — including sections of paint that had visibly peeled off — while others were more focused on getting a photo of the Washington Monument in the background.
Loay Hidmi was walking deliberately along the edge of the pool closest to the Lincoln Memorial, hands clasped behind his back, looking over the ledge. The relatively new D.C. resident is a civil engineer who specializes in water treatment, and has been coming by the pool all week to see the progress for himself. He estimates it’s about 80% of the way there.
“I’m taking pictures of it … for the last week and I can see the gradual change,” he said. “So I’m hopeful. But we’ll have to see if it gets sustained.”
What happens next?
Hidmi worries that the algae could come back, given the favorable conditions posed by the sunny, shallow pool.
He acknowledges that’s mostly an aesthetic concern, given how much the administration has just spent on repainting the pool, but says it also raises questions about their process.
“In water systems, when you fix something, you need to look at the step before it and the step after,” he said.
Goodale agrees. He says that when a water system is taken offline, the pipes still remain full of water — “they don’t just gravity-drain away” — and need to be flushed out before any refilling. And he says eliminating algae is no substitute for dealing with underlying filtration issues.
“That’s like the equivalent of mowing the lawn when perhaps it needs to be something else that addresses the source nitrates and phosphorus, so that it’s more like pulling the weeds out by the root,” he says.
The algae doesn’t bother the ducklings swimming in the Reflecting Pool. Experts say the hydrogen peroxide used to get rid of the algae is safe for them, too.
Rachel Treisman/NPR
hide caption
toggle caption
Rachel Treisman/NPR
In the meantime, Christova, the algae expert, would like to see the water monitored weekly.
“If we don’t have any control over algal growth, we don’t know what is growing,” she said, adding that not all types of algae are as harmless as the one currently blooming in the pool.
When asked about plans for maintenance and algae prevention, White House spokesperson Taylor Rogers told NPR: “Thanks to President Trump, new lining and industrial grade materials will permanently seal the Reflecting Pool, which previously leaked 16 million gallons per year and wasted countless taxpayer dollars.”
Even after the Obama-era renovation, the reflecting pool suffered from broken pipes and water leaks requiring costly refills, according to a Department of the Interior report from fiscal year 2023. It called for new expansion joints, supply and return lines with thicker walls, saying “an improved distribution system will ensure the water can be circulated through the treatment plant, filtered, and treated with ozone.”
This latest renovation does not appear to have addressed the pipe problems, even though it did involve replacing failing expansion joints, resealing the pool, removing truckloads of garbage and “fixing the water system, drainage and so much more,” as Trump wrote on Truth Social in May.
Along the way, the cost of the project grew from Trump’s initial $2 million price tag to at least $14 million. Federal contract records show the government is paying $1.7 million to an Ohio-based company for the nanobubble technology alone.
“The scope of the Project has been greatly enlarged as we became involved because we realized how important it would be to Washington, D.C., and the record number of visitors coming to our now very safe Capital for all of the upcoming events in celebration of our 250th Anniversary,” Trump wrote.
The National Mall is hosting a number of semiquincentennial events on and around July 4, including a weekslong state fair that kicks off Wednesday evening.
Three San Francisco couples set out Monday for their annual road trip to Ashland, Ore., for the town’s famous Shakespeare festival. They drove separately and planned to meet at 6:30 p.m. on the terrace of their favorite Japanese restaurant there.
They had booked a table for six, but only four showed up for dinner.
Judith and Wylie Sheldon were found dead in their running car on the side of the road to Oregon, shocking their friends and family and leaving a hole in San Francisco’s arts and film world.
Ms. Sheldon, 84, was the daughter of William Wyler — who won three Oscars for best director — and chaired the board of the San Francisco Silent Film Festival. Mr. Sheldon, 86, was a prominent lawyer.
David Smith, who had befriended the couple more than 40 years ago, said in an interview that he and the others at the dinner table had grown nervous as time ticked on and their friends did not answer repeated calls to their cellphones. They learned they had not checked into their hotel either.
The friends eventually learned from one of the couple’s sons that the California Highway Patrol had found the couple at 5:46 p.m., both dead inside their running Jeep Compass. It was parked on the side of Interstate 5, north of Redding, Calif., more than 100 miles from their destination, the authorities said. Ms. Sheldon was driving, while Mr. Sheldon was in the passenger seat, according to the authorities.
The Redding area on Monday was under an extreme heat warning issued by the National Weather Service. Temperatures reached 109 degrees, according to the Weather Service.
Mr. Smith said he learned from the son that the couple had been found without any water or other liquids in the car. The fan was on high, but the air conditioning was not working, meaning they might have been blasted with hot air, Mr. Smith said. The windows were rolled down. The car had plenty of gas, and there were no signs of mechanical failure or foul play, Mr. Smith said the son told him.
“They didn’t crash. They stopped. They both just died there,” Mr. Smith said. “The entire thing is so bizarre. We’re still in a state of shock.”
The circumstances and cause of the couple’s death is under investigation but “appears to be medically related,” the Highway Patrol said in a statement.
Whether the heat contributed to the couple’s death “may be determined” by an autopsy, a spokesman for the Shasta County Sheriff’s Office said, adding that one had not been scheduled yet and could take several weeks to complete.
“We’ll just have to see,” the spokesman, Tim Mapes, said.
The Sheldons met at Stanford University and had two sons. They lived in a large home in San Francisco’s upscale Pacific Heights neighborhood that had views of the bay from the front and a garden out back.
They hosted many parties there on behalf of the San Francisco Silent Film Festival and sometimes let revelers pose for photos with Mr. Wyler’s Oscar statuettes. Ms. Sheldon fell in love with silent movies after first seeing those created by her father — before his better known blockbusters like “Ben-Hur” and “Roman Holiday” — only about 30 years ago, said Anita Monga, artistic director of the festival.
Stacey Wisnia, the festival’s executive director, said the couple was generous, delightful and unassuming.
Back in Ashland, Ore., Mr. Smith said the four remaining friends had distracted themselves from their grief by attending plays, including “A Midsummer Night’s Dream” and “Come From Away.” They were able to give away their friends’ tickets.
Ms. Monga had last seen Ms. Sheldon just last month at the film festival, which was held at the newly remade Castro Theater.
“This is such a shock,” Ms. Monga said of the deaths. “Also because it’s still a mystery.”
-
Detroit, MI2 minutes agoToday in History: June 20, race-related rioting erupts in Detroit
-
San Francisco, CA11 minutes agoSan Francisco hotels see steady World Cup business, but fall short of Super Bowl surge
-
Dallas, TX17 minutes agoDallas International Piano Competition brings finalists June 23
-
Miami, FL24 minutes agoWhere to watch San Francisco Giants vs Miami Marlins: TV channel, start time, streaming for June 20
-
Boston, MA27 minutes agoDuck parades, outdoor drinking, and Gronk in a kilt. Here’s how Friday’s World Cup festivities unfolded. – The Boston Globe
-
Denver, CO32 minutes agoRockies ride Kyle Freeland’s gem, Braxton Fulford’s double to 4-3 win over Pirates
-
Seattle, WA39 minutes agoSuarez’s no-hit try ends on Naylor double in seventh, but Boston still tops Seattle
-
San Diego, CA42 minutes agoNeymar expected to return from right calf injury and play for Brazil in World Cup against Scotland
