Connect with us

News

Chinese national charged with operating ‘world’s largest botnet’ linked to billions in cybercrimes

Published

on

Chinese national charged with operating ‘world’s largest botnet’ linked to billions in cybercrimes
play

A Chinese national has been arrested for his role in operating a residential proxy service that was used to defraud billions of dollars from the U.S. government and fund his lavish lifestyle, which included buying luxury cars and property around the world, the Department of Justice announced Wednesday.

YunHe Wang, 35, was arrested on May 24 and charged with creating a massive network of hijacked computer devices, also known as a “botnet,” that was used to conduct cyber attacks, fraud, child exploitation, bomb threats, and export violations, the department alleged. Wang administered the botnet, called “911 S5,” through about 150 servers worldwide from 2014 to 2022, according to an indictment unsealed last week.

Advertisement

About 76 of the servers were leased from online service providers based in the United States, the indictment said. The botnet infected over 19 million IP addresses in nearly 200 countries, including over 613,000 IP addresses located in the United States, according to prosecutors.

The Justice Department announcement comes after Wang and his two co-conspirators, Jingping Liu and Yanni Zheng, were sanctioned by the Department of Treasury for their alleged involvement with the malicious botnet. The department also imposed sanctions on three luxury companies Wang owned or controlled.

Authorities also searched Wang’s residences and seized assets valued at about $30 million as well as identifying other property valued at roughly an additional $30 million, prosecutors said.

“The conduct alleged here reads like it’s ripped from a screenplay,” Matthew Axelrod, assistant secretary for export control at the Department of Commerce, said in a statement Wednesday. “A scheme to sell access to millions of malware-infected computers worldwide, enabling criminals over the world to steal billions of dollars, transmit bomb threats, and exchange child exploitation materials — then using the scheme’s nearly $100 million in profits to buy luxury cars, watches, and real estate.”

Advertisement

The Department of Justice partnered with the FBI and international law enforcement agencies in Singapore, Thailand, and Germany to dismantle the botnet and arrest Wang. The case is the latest in the federal government’s ongoing effort to thwart global cybercrime, which has become increasingly widespread.

These crimes can range from intellectual property theft to ransomware and can cost businesses billions of dollars in losses in addition to threatening critical sectors across the country, according to the Department of State. In recent years, federal authorities have expanded their international operations and country-to-country partnerships in order to better address cyber threats.

‘Urgency and severity of cyberattacks’: EPA urges water utilities to protect nation’s drinking water amid heightened cyberattacks

911 S5 Botnet ‘likely the world’s largest botnet ever’

FBI Director Christopher Wray said in a statement Wednesday that 911 S5 is “likely the world’s largest botnet ever.” According to the indictment, Wang allegedly spread his malware through Virtual Private Network programs and pay-per-install services, which allowed him to manage and control the roughly 150 servers.

Paying customers were then given access to proxied IP addresses that were linked to the hacked devices, the indictment said. Cybercriminals used those addresses to hide their locations and “anonymously commit a wide array of offenses,” the Department of Justice alleged.

Advertisement

“These offenses including financial crimes, stalking, transmitting bomb threats and threats of harm, illegal exportation of goods, and receiving and sending child exploitation materials,” according to the department. “Since 2014, 911 S5 allegedly enabled cybercriminals to bypass financial fraud detection systems and steal billions of dollars from financial institutions, credit card issuers, and federal lending programs.”

Specifically, the botnet targeted COVID-19 pandemic relief programs and filed an estimated 560,529 fraudulent unemployment insurance claims, according to the indictment. Federal authorities confirmed that more than $5.9 billion was stolen as a result.

The indictment further alleged that Wang had amassed about $99 million — either in cryptocurrency or fiat currency — from his sales of the infected proxied IP addresses. He used the illicit proceeds to purchase luxury assets and property.

Wang bought property in the United States, St. Kitts and Nevis, China, Singapore, Thailand, and the United Arab Emirates, according to the indictment. He also had dozens of other assets, such as luxury cars, watches, international bank accounts, and cryptocurrency wallets.

Wang was charged with conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering. He faces a maximum of 65 years in prison.

Advertisement

Cybercrime, COVID fraud in the U.S.

Cybercrime is a “significant and growing threat” to the country’s national and economic security, according to the State Department. As people become more dependent on information and communication technologies, the department said more criminals continue to shift online.

Wang’s arrest also comes amid a push from federal officials for organizations to update and follow cybersecurity guidelines. Federal agencies have issued multiple advisories for cyberattacks committed by foreign groups in recent years.

In January, the FBI and Department of Justice announced that they had “disrupted a botnet of hundreds of U.S.-based small office/home office routers hijacked” by China-linked hackers. The group, known as “Volt Typhoon,” targeted critical infrastructure organizations in the United States, such as water systems and electric grids.

The surge in malicious cyber incidents coincides with the rise in online communication during the COVID-19 pandemic, according to a 2023 cyberthreat study. Citing FBI data, the study said cybercrime increased by 400% during the pandemic.

Advertisement

“Cybercriminals find the uncertainty brought by changing daily habits opportune and the increased virtual existence is converted into available attack vectors,” the study noted.

In the four years since the onset of the pandemic, the Internal Revenue Service has investigated over 1,600 tax and money laundering cases related to COVID-19 fraud potentially worth about $8.9 billion, the agency said in March. Cases included fraudulently obtained loans, credits and payments meant for U.S. workers, families and small businesses under the Coronavirus Aid, Relief and Economic Security, or CARES, Act.

Contributing: Josh Meyer, USA TODAY

News

Waymo called the cops on teen riders, raising privacy concerns

Published

on

Waymo called the cops on teen riders, raising privacy concerns

A Waymo robotaxi drives in San Francisco’s North Beach neighborhood this week.

Heather Diehl/Getty Images


hide caption



toggle caption

Advertisement

Heather Diehl/Getty Images

Police in San Mateo, Calif., posted Monday on social media that they had apprehended a pair of teenagers from a Waymo driverless robotaxi after the company alerted authorities to suspected criminal activity. It’s the latest incident involving video surveillance of passengers and others by autonomous vehicles — raising questions about the limits of privacy in such vehicles.

The Facebook post by the San Mateo County Police said: “Parents do you know where your teens are? @waymo does!”

The 15-year-olds were allegedly drinking alcohol and shooting toy guns from the car, according to the police. They said Waymo’s systems detected behavior that then triggered a safety response, after which the company disabled the vehicle and contacted police.

Advertisement

Waymo’s cars, equipped with an array of cameras, microphones and other sensors to monitor passengers and other nearby vehicles, are becoming more common in cities across the United States. Experts say the detention of the two teens in San Mateo highlights a potential — but not inevitable — trade-off between privacy and convenience. It also questions the extent to which companies similar to Waymo are required to hand over private data, including audio and video of passengers, in situations where a crime is suspected.

NPR reached out to Waymo, which is owned by Alphabet, the parent company of Google, for comment on the details of the San Mateo incident and how the company responded, but did not hear back. But on its website, the company says that as many as 29 cameras in its autonomous cars provide an all-around view and “are designed with high dynamic range and thermal stability, to see in both daylight and low-light conditions, and tackle more complex environments.”

“There already exist laws that govern duty to report or even duty to protect” for carriers such as Waymo, according to Alessandro Acquisti, a professor of information technology at the MIT Sloan School of Management. “The privacy problems arise when and if driverless carrier companies used such laws or ethical obligations as a pretext for blanket, indiscriminate accumulation of identifiable data for unspecified future purposes.”

That includes not just monitoring people inside the cars, but outside too. Take, for example, a hit-and-run investigation last year in Los Angeles. Media reported that the police inquiry was aided by video captured by a Waymo taxi that had a clear view of the crime. Critics suggested at the time that authorities were using the company’s vehicles as a mobile surveillance platform. And during 2025 protests in Los Angeles against Immigration and Customs Enforcement crackdowns, demonstrators vandalized Waymos, apparently angry that video recorded by the vehicles could be used by police, although there is no evidence that happened.

Continue Reading

News

Trump fires last members of election commission, inciting fears of midterm ‘chaos’

Published

on

Trump fires last members of election commission, inciting fears of midterm ‘chaos’

Donald Trump has terminated the remaining members of the independent, federal commission that assists election administration officials nationwide just a few months before the midterm elections, multiple outlets reported Thursday.

The remaining three commissioners of the four-member bipartisan commission ⁠were forced out on Thursday in different ways. The one Republican appointee resigned and the other ⁠two, Democratic appointees were notified of their terminations via email from ​the White House presidential personnel office.

“On ‌behalf of President ‌Donald J Trump, I am writing to inform you that your position ‌as Commissioner of the Election Assistance Commission is terminated, effective immediately. Thank you for your service,” the email, seen by Reuters, said.

The White House did not immediately respond to a request for comment.

The Election Assistance Commission serves as a “national clearinghouse of information on election ‌administration”, accredits testing laboratories and certifies voting systems, and maintains the national mail-voter registration form developed by the National ​Voter Registration Act of 1993, according to the commission’s website. The terminations follow Trump and top administration officials’ advocacy to change vote-by-mail requirements and investigations into the 2020 election outcome, which Trump lost to Democrat Joe Biden.

Advertisement

“It is ⁠irresponsible and dangerous that this Administration remains dead set on ​causing chaos for ​our election officials across this ​country,” Arizona secretary of state Adrian Fontes said in a ​Thursday statement. “This ‌move undermines the integrity ​of nonpartisan ​election administration.”

The 2002 law that established the commission, the Help America Vote Act, states the president can appoint replacements to the commission.

It is unclear how Trump will move ahead with the commission.

Reuters contributed reporting

Advertisement
Continue Reading

News

Former Olympian pleads not guilty in reflecting pool vandalism charges

Published

on

Former Olympian pleads not guilty in reflecting pool vandalism charges

Former U.S. Olympian David Hearn (left) walks with his attorney Norman Eisen to speak to reporters and protesters gathered after his arraignment at the Superior Court of the District of Columbia in Washington, D.C. on Thursday.

Finn Gomez/Getty Images


hide caption



toggle caption

Advertisement

Finn Gomez/Getty Images

Former U.S. Olympic canoeist David Hearn pleaded not guilty to damaging the Lincoln Memorial Reflecting Pool in D.C. Superior Court Thursday morning.

Federal prosecutors charged Hearn with a single count of destruction of property causing more than $1,000 in damage to the pool.

Hearn has previously claimed, which his attorneys repeated during a short press conference outside the court, that he simply touched the water in the pool out of curiosity.

Advertisement

The Trump administration had just completed a $14 million renovation of the pool.

But shortly after the work finished, peeling paint and algae gathered in the water. The remodel has been largely criticized as a massive failure and waste of taxpayer dollars.

Superior Court Judge Carmen McLean released Hearn on his own recognizance. His next hearing is scheduled for Aug. 5.

Norm Eisen, one of Hearn’s attorneys, spoke to reporters outside of court following the hearing. He said the administration is using Hearn as a “scapegoat … for their own failures.”

“It is not a crime to touch the reflecting pool, to touch water in the United States of America,” he said.

Advertisement

Prosecutors say there is a host of evidence against Hearn.

This is a developing story.

Continue Reading
Advertisement

Trending