Skip to content
American Justice Notebook
Menu
  • Home
  • About The Editor/Publisher
  • Notes – Cases – Thoughts & Quotes
  • Contact’/Subscribe
Menu
Laptop with a person in a hoodie in front of it.

Botnet That Infected 19 Million IP Addresses, Committing Cyber Attacks, Fraud, Child Exploitation and Bomb Threats Dismantled

Posted on May 29, 2024

The U.S. Justice Department led a court-approved international law enforcement operation that successfully dismantled a botnet.

The botnet was used for perpetrating cyber attacks, extensive fraud, child exploitation, harassment, bomb threats, and violations of export regulations, officials stated.

YunHe Wang, a 35-year-old individual who holds citizenship in both the People’s Republic of China and St. Kitts and Nevis through investment, was apprehended on May 24, according to officials.

He faces criminal charges related to using malicious software and establishing and managing a home proxy service called “911 S5.”

An indictment that was made public on May 24 reveals that Wang and his associates are accused of developing and distributing malicious software to infiltrate and control a vast network of household Windows computers throughout the globe, spanning from 2014 to July 2022.

These devices were linked to over 19 million distinct IP addresses, including 613,841 IP addresses situated in the United States.

Wang then amassed millions of dollars by providing hackers with paid access to these compromised IP addresses.

According to Attorney General Merrick B. Garland, the Justice Department organized this operation to dismantle 911 S5, a botnet that allowed for cyberattacks, extensive fraud, child exploitation, harassment, bomb threats, and violations of export laws.

YunHe Wang was arrested due to his involvement in the creation and operation of a botnet, as well as the deployment of malware.

This prosecution demonstrates that the law’s jurisdiction extends beyond national boundaries and into the dark web’s most hidden corners.

FBI Director Christopher Wray stated that the FBI collaborated with foreign partners to carry out a coordinated cyber operation to destroy the 911 S5 Botnet, which is believed to be the largest botnet in the world.

The 911 S5 Botnet compromised computers in around 200 countries and enabled a wide range of computer-based criminal activities, such as financial scams, identity theft, and child abuse, according to Wray.

As per court records, Wang is accused of spreading his malicious software using Virtual Private Network (VPN) programs like MaskVPN and DewVPN (which he operated as torrent distribution models) and pay-per-install services that packaged his malware with other program files, including pirated versions of licensed software or copyrighted materials.

closeup photo of turned-on blue and white laptop computer
Photo by Philipp Katzenberger on Unsplash

Wang thereafter oversaw and governed around 150 specialized servers across the globe, with approximately 76 of them being rented from American online service providers.

Wang utilized the specialized servers to deploy and oversee apps, exercise authority over the compromised devices, administer his 911 S5 service, and provide paying users the ability to connect to proxied IP addresses linked to the compromised devices.

The 911 S5 client interface software, hosted on servers located in the United States, facilitated the ability of cybercriminals located outside of the United States to acquire goods using stolen credit cards or illegally obtained funds, and unlawfully transport them outside of the United States in violation of U.S. export laws, such as the Export Administration Regulations (EAR). The 911 S5 client interface may also include encryption or other functionalities that make it subject to export regulations specified in the EAR. Hence, if certain foreign individuals download the 911 S5 client interface software without a license, it may be considered a breach of the EAR regulations.

100 us dollar bill

According to the indictment, Wang is accused of receiving almost $99 million between 2018 and July 2022 from selling hijacked proxied IP addresses through his 911 S5 operation.

The payments were made in either bitcoin or fiat cash. Wang utilized the unlawfully acquired profits to buy real estate in the United States, St. Kitts and Nevis, China, Singapore, Thailand, and the United Arab Emirates.

The indictment lists numerous assets and properties that are eligible for confiscation, such as a 2022 Ferrari F8 Spider S-A, a BMW i8, a BMW X7 M50d, a Rolls Royce, more than twelve domestic and international bank accounts, over twenty cryptocurrency wallets, several high-end wristwatches, 21 residential or investment properties located in Thailand, Singapore, the U.A.E., St. Kitts and Nevis, and the United States, and 20 domains.

red padlock on black computer keyboardDuring an investigation into a money laundering and smuggling operation, law enforcement primarily targeted 911 S5.

This operation involved criminal individuals in Ghana and the United States.

They used hijacked IP addresses obtained from 911 S5 to make fraudulent purchases using stolen credit card information on the Army and Air Force Exchange Service (AAFES) online shopping platform called ShopMyExchange.

Despite submitting over 2,525 fraudulent orders for $5.5 million, credit card fraud detection systems and federal investigators successfully prevented most of the attempted purchases, resulting in an actual loss of about $254,000.

Wang is accused of engaging in a conspiracy to commit computer fraud, committing computer fraud, participating in a conspiracy to commit wire fraud, and participating in a conspiracy to commit money laundering. If found guilty on all charges, Wang could be sentenced to a maximum of 65 years in jail.

Law enforcement agencies in the United States, Singapore, Thailand, and Germany coordinated this operation on a global scale.

Law enforcement agents and officers conducted searches of homes, confiscated assets worth around $30 million, and discovered further property that can be taken and valued at approximately $30 million.

The operation also confiscated 23 domains and more than 70 servers that formed the core infrastructure of Wang’s previous home proxy service and the most recent version of the business.

The government has effectively put an end to Wang’s attempts to harm individuals through his newly established service Clourouter.io and has closed the existing malicious backdoors by taking control of multiple domains associated with the historical 911 S5 and other domains and services connected to Wang’s efforts to revive the service.

On May 28, the Treasury Department’s Office of Foreign Assets Control (OFAC) imposed financial restrictions on Wang, Jingping Liu, and Yanni Zheng due to their involvement with 911 S5.

Additionally, three businesses were sanctioned for being owned or managed by Wang.

The FBI Dallas and Denver Field Offices, DCIS Cyber Field Office, and BIS Office of Export Enforcement’s Dallas field office are investigating the matter.

Along with Assistant U.S. Attorneys Camelia Lopez and William Tatum for the Eastern District of Texas, Trial Attorneys Candy Heath and Lydia Lichlyter from the Criminal Division’s Computer Crime and Intellectual Property Section are prosecuting the case.

COURT INFORMATION LINKS:

US SUPREME COURT FEDERAL COURT WEBSITE LINKS FBI PRESS RELEASES / MOST WANTED CIA PRESS RELEASES / LIBRARY DEPARTMENT OF JUSTICE / PRESS RELEASES FEDERAL TRADE COMMISSION: HOW TO HIRE A LAWYER FEDERAL COUNTER TERRORISM GUIDE AMERICAN COURTHOUSE INFORMATION

NEWS SOURCES:

THE GUARDIAN CNN NEWS COURTHOUSE NEWS SERVICE THE NEW REPUBLIC HUFFINGTON POST CBS NEWS MSNBC NEWS MEDIA MATTERS FOR AMERICA CENTER FOR PUBLIC INTEGRITY NPR NEWS INSTITUTE FOR FREE SPEECH BBC ROLLING STONE FACTCHECK.ORG

TODAY'S QUOTE

"If there is a bedrock principle underlying the First Amendment, it is that the government may not prohibit the expression of an idea simply because society finds the idea offensive or disagreeable."
— William J. Brennan Jr.

INVESTIGATIVE JOURNALISM

PROPUBLICA INVESTIGATIVE JOURNALISM REPORTS

“The Founding Fathers gave the free press the protection it must have to bare the secrets of government and inform the people.” – Justice Hugo Black

THE WHISTLEBLOWER

©2026 American Justice Notebook | Design: Newspaperly WordPress Theme