News
Chinese national charged with operating ‘world’s largest botnet’ linked to billions in cybercrimes
Colonial Pipeline hack only latest in rising ransomware threats
Hackers hit hundreds of critical systems last year and watchdogs say we’re not doing enough head off more.
STAFF VIDEO, USA TODAY
A Chinese national has been arrested for his role in operating a residential proxy service that was used to defraud billions of dollars from the U.S. government and fund his lavish lifestyle, which included buying luxury cars and property around the world, the Department of Justice announced Wednesday.
YunHe Wang, 35, was arrested on May 24 and charged with creating a massive network of hijacked computer devices, also known as a “botnet,” that was used to conduct cyber attacks, fraud, child exploitation, bomb threats, and export violations, the department alleged. Wang administered the botnet, called “911 S5,” through about 150 servers worldwide from 2014 to 2022, according to an indictment unsealed last week.
About 76 of the servers were leased from online service providers based in the United States, the indictment said. The botnet infected over 19 million IP addresses in nearly 200 countries, including over 613,000 IP addresses located in the United States, according to prosecutors.
The Justice Department announcement comes after Wang and his two co-conspirators, Jingping Liu and Yanni Zheng, were sanctioned by the Department of Treasury for their alleged involvement with the malicious botnet. The department also imposed sanctions on three luxury companies Wang owned or controlled.
Authorities also searched Wang’s residences and seized assets valued at about $30 million as well as identifying other property valued at roughly an additional $30 million, prosecutors said.
“The conduct alleged here reads like it’s ripped from a screenplay,” Matthew Axelrod, assistant secretary for export control at the Department of Commerce, said in a statement Wednesday. “A scheme to sell access to millions of malware-infected computers worldwide, enabling criminals over the world to steal billions of dollars, transmit bomb threats, and exchange child exploitation materials — then using the scheme’s nearly $100 million in profits to buy luxury cars, watches, and real estate.”
The Department of Justice partnered with the FBI and international law enforcement agencies in Singapore, Thailand, and Germany to dismantle the botnet and arrest Wang. The case is the latest in the federal government’s ongoing effort to thwart global cybercrime, which has become increasingly widespread.
These crimes can range from intellectual property theft to ransomware and can cost businesses billions of dollars in losses in addition to threatening critical sectors across the country, according to the Department of State. In recent years, federal authorities have expanded their international operations and country-to-country partnerships in order to better address cyber threats.
‘Urgency and severity of cyberattacks’: EPA urges water utilities to protect nation’s drinking water amid heightened cyberattacks
911 S5 Botnet ‘likely the world’s largest botnet ever’
FBI Director Christopher Wray said in a statement Wednesday that 911 S5 is “likely the world’s largest botnet ever.” According to the indictment, Wang allegedly spread his malware through Virtual Private Network programs and pay-per-install services, which allowed him to manage and control the roughly 150 servers.
Paying customers were then given access to proxied IP addresses that were linked to the hacked devices, the indictment said. Cybercriminals used those addresses to hide their locations and “anonymously commit a wide array of offenses,” the Department of Justice alleged.
“These offenses including financial crimes, stalking, transmitting bomb threats and threats of harm, illegal exportation of goods, and receiving and sending child exploitation materials,” according to the department. “Since 2014, 911 S5 allegedly enabled cybercriminals to bypass financial fraud detection systems and steal billions of dollars from financial institutions, credit card issuers, and federal lending programs.”
Specifically, the botnet targeted COVID-19 pandemic relief programs and filed an estimated 560,529 fraudulent unemployment insurance claims, according to the indictment. Federal authorities confirmed that more than $5.9 billion was stolen as a result.
The indictment further alleged that Wang had amassed about $99 million — either in cryptocurrency or fiat currency — from his sales of the infected proxied IP addresses. He used the illicit proceeds to purchase luxury assets and property.
Wang bought property in the United States, St. Kitts and Nevis, China, Singapore, Thailand, and the United Arab Emirates, according to the indictment. He also had dozens of other assets, such as luxury cars, watches, international bank accounts, and cryptocurrency wallets.
Wang was charged with conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering. He faces a maximum of 65 years in prison.
Cybercrime, COVID fraud in the U.S.
Cybercrime is a “significant and growing threat” to the country’s national and economic security, according to the State Department. As people become more dependent on information and communication technologies, the department said more criminals continue to shift online.
Wang’s arrest also comes amid a push from federal officials for organizations to update and follow cybersecurity guidelines. Federal agencies have issued multiple advisories for cyberattacks committed by foreign groups in recent years.
In January, the FBI and Department of Justice announced that they had “disrupted a botnet of hundreds of U.S.-based small office/home office routers hijacked” by China-linked hackers. The group, known as “Volt Typhoon,” targeted critical infrastructure organizations in the United States, such as water systems and electric grids.
The surge in malicious cyber incidents coincides with the rise in online communication during the COVID-19 pandemic, according to a 2023 cyberthreat study. Citing FBI data, the study said cybercrime increased by 400% during the pandemic.
“Cybercriminals find the uncertainty brought by changing daily habits opportune and the increased virtual existence is converted into available attack vectors,” the study noted.
In the four years since the onset of the pandemic, the Internal Revenue Service has investigated over 1,600 tax and money laundering cases related to COVID-19 fraud potentially worth about $8.9 billion, the agency said in March. Cases included fraudulently obtained loans, credits and payments meant for U.S. workers, families and small businesses under the Coronavirus Aid, Relief and Economic Security, or CARES, Act.
Contributing: Josh Meyer, USA TODAY
A Frontier Airlines plane hit a person on the runway of Denver’s international airport during takeoff, sparking an engine fire and forcing passengers to evacuate, authorities said.
The plane, headed to Los Angeles, “reported striking a pedestrian during takeoff” at about 11.19pm on Friday, the Denver airport’s official X account wrote.
Neither the airport nor the airline has disclosed the person’s condition.
“We’re stopping on the runway,” the pilot of the plane involved told the control tower at one point, according to the site ATC.com. “We just hit somebody. We have an engine fire.”
The pilot told the air traffic controller they have “231 souls” on board – and that an “individual was walking across the runway”.
The air traffic controller responded that they were “rolling the trucks now” before the pilot told the tower they “have smoke in the aircraft”.
“We are going to evacuate on the runway,” the pilot added.
Frontier Airlines said in a statement that flight 4345 was the one involved in the collision – and that “smoke was reported in the cabin and the pilots aborted takeoff”. It was not clear whether the smoke was linked to the crash with the person.
The plane, an Airbus A321, “was carrying 224 passengers and seven crew members”, the airline said. “We are investigating this incident and gathering more information in coordination with the airport and other safety authorities.”
Passengers were then evacuated using slides, and the emergency crew bused them to the terminal.
Denver’s airport said the National Transportation Safety Board (NTSB) had been notified and that runway 17L – where the incident took place – will remain closed while an investigation is conducted.
Friday’s episode at Denver’s airport came one day after a Delta Airline employee died on Thursday night at Orlando’s international airport when a vehicle struck a jet bridge next to an airplane with passengers onboard, as the local news outlet WESH reported.
Meanwhile, on 3 May, a United Airlines plane arriving in Newark, New Jersey, from Venice, Italy, clipped a delivery truck and a light pole, which in turn struck a Jeep. Only the delivery truck driver was injured, but the plane was damaged extensively and the NTSB classified the case as an accident while also opening an investigation.
new video loaded: How Trump Is Prioritizing White People as Refugees
By Zolan Kanno-Youngs, Gilad Thaler, Stephanie Swart, Jon Miller and Whitney Shefte
May 8, 2026
An image recorded on the Moon during the Apollo 12 mission in 1969 shows the shadows of astronauts, along with a highlighted area above the horizon showing “unidentified phenomena,” according to the Defense Department.
NASA/via Defense Department
hide caption
toggle caption
NASA/via Defense Department
Cold War reports of mysterious rotating saucers; recent sightings of metallic elliptical objects floating in mid-air. Those and other reports of unidentified anomalous phenomena or UAPs — the military’s term for UFOs — are described in a trove of documents released by the Department of Defense on Friday.
In all, the Pentagon released more than 160 records, citing President Trump’s call for unprecedented transparency in giving the public access to federal and military records related to unexplained encounters with strange phenomena.
President Trump said via Truth Social that with the documents and other records available to the public, “the people can decide for themselves, ‘WHAT THE HELL IS GOING ON?’ Have Fun and Enjoy!”
The records are posted to a specialized web portal, war.gov/info, which will house additional files as they’re released on a rolling basis.
“These files, hidden behind classifications, have long fueled justified speculation — and it’s time the American people see it for themselves,” Defense Secretary Pete Hegseth said in a Defense Department posting on Facebook as it made the files public.
Friday’s action “is the first in what will be an ongoing joint declassification and release effort,” Director of National Intelligence Tulsi Gabbard said.
One document cites unusual phenomena arising during the debriefing of the Apollo 11 technical crew in July of 1969, attributing three observations to astronaut Buzz Aldrin, from that lunar mission: “one, an object on the way out to the Moon; two, flashes of light inside the cabin; and three, a sighting on the return trip of a bright light tentatively assumed by the crew to be a laser.”
One of the oldest files dates from November 1948. The report from the U.S. Air Force Directorate of Intelligence is marked Top Secret, and it notes recurring instances of unidentified objects spotted in the skies over Europe.
“They have been reported by so many sources and from such a variety of places that we are convinced that they cannot be disregarded,” the report states, “and must be explained on some basis which is perhaps slightly beyond the scope of our present intelligence thinking.”
The report goes on to say that U.S. officers consulted their peers in Sweden’s intelligence service about the objects, and they were told, “these phenomena are obviously the result of a high technical skill which cannot be credited to any presently known culture on earth.”
That document is seemingly free of redactions. But many details in a more recent entry are obscured, as it relays the account of a woman with deep experience with U.S. military aircraft and drones who reported an inexplicable sighting in September of 2023, in an area where airspace had been closed for testing purposes.
Materials related to that incident include a composite sketch of an ovaloid metallic object floating above a treeline, with a bright light at one end of the object.
“They watched the object for five to ten seconds and then the object just disappeared,” the report states.
Several people in at least two cars corroborated the sighting, according to the report. It states that the unidentified woman who spoke to the FBI ” would not have reported the object if she had seen it by herself.”
And hinting at the stigma that is seen as a prevalent challenge to collecting and discussing such eyewitness accounts, the report states, “Several of her co-workers subsequently made fun of her due to her report.”
Some records include venerable witnesses — such as a well-known case in 1955, when a group led by then-Sen. Richard Russell, who chaired the Senate Armed Services Committee at the time, reported that they saw two strange objects from the window of a train in the former Soviet Union. The group, which included U.S. Army Lt. Col. E. U. Hathaway, reported seeing what looked to be “flying disc aircraft.”
The U.S. Air Attache who prepared the report describes the witnesses as “excellent sources.”
That 1955 sighting was described in records previously released by the CIA. But that report, based on a cable received from the U.S. Air Force, seems to have been partially redacted.
The report of the unidentified object isn’t the only bit of intelligence that the American visitors brought back: the folder also includes descriptions and a diagram of a jet bomber, and accounts of a railroad switching system designed to resolve the differing widths of Russian and Czech train tracks.
-
Business3 minutes agoChina’s Exports and Imports Set Records in April Amid High Energy Costs
-
Science9 minutes agoVideo: Pentagon Releases U.F.O. Files
-
Health15 minutes agoHantavirus Vaccines and Treatments Are in the Pipeline
-
Culture27 minutes agoBook Review: ‘Selling Opportunity,’ by Mary Lisa Gavenas
-
Lifestyle33 minutes agoHunting For Lexapro Clocks, Viagra Neckties and Other Vintage Pharmaceutical Merch
-
Technology45 minutes agoDyson’s powerful 360 Vis Nav robovac is down to $279.99 for a limited time
-
World51 minutes agoAs Trump forces NATO to pay up, alliance races to close military gap with US
-
Politics57 minutes agoInside the US military playbook to cripple Iran if nuclear talks collapse