‘World’s largest botnet’ knocked offline after raking in billions

Anthony Cuthbertson
·3-min read
A heatmap of a botnet displayed at Microsoft's Cybercrime Center (Reuters)
A heatmap of a botnet displayed at Microsoft's Cybercrime Center (Reuters)

One of the world’s biggest botnet networks, responsible for stealing close to $6 billion (£4.7bn), has been shut down following an international effort from law enforcement agencies.

The US Justice Department, which led the operation, said the 911 S5 botnet comprised more than 19 million hijacked devices, which were being used to facilitate cyber attacks, large-scale fraud, bomb threats and even child exploitation.

Chinese national YunHe Wang, 35, was arrested on 24 May on suspicion of creating and operating the 911 S5 botnet from his home in St. Kitts and Nevis.

“This Justice Department-led operation brought together law enforcement partners from around the globe to disrupt 911 S5,” said US Attorney General Merrick Garland.

“This case makes clear that the long arm of the law stretches across borders and into the deepest shadows of the dark web, and the Justice Department will never stop fighting to hold cyber criminals to account.”

The FBI said the 911 S5 botnet infected computers in nearly 200 countries around the world, which were then controlled through 150 dedicated servers allegedly set up by Mr Wang.

An indictment unsealed on 24 May claimed that malware was used to infect and compromise millions of residential computers between 2014 and 2022, forming the botnet that was then able to carry out the cyber crimes.

Mr Wang allegedly sold access to the botnet to criminals, who then used it to bypass fraud detection systems in order to steal billions of dollars from financial institutions.

One target was reportedly a pandemic relief program in the US, which saw the botnet used to fraudulently make insurance claims from the hijacked IP addresses. More than half a million false claims resulted in losses of $5.9 billion for the programs, according to the FBI.

“Working with our international partners, the FBI conducted a joint, sequenced cyber operation to dismantle the 911 S5 Botnet – likely the world’s largest botnet ever,” said FBI Director Christopher Wray.

“We arrested its administrator, Yunhe Wang, seized infrastructure and assets, and levied sanctions against Wang and his co-conspirators... We will work tirelessly to unmask and arrest the cybercriminals who profit from this illegal activity.”

Mr Wang made around $99 million by selling access to the botnet, according to the indictment, which he used to purchase real estate in the US, St. Kitts and Nevis, China, Singapore, Thailand and the United Arab Emirates.

Other assets subject to forfeiture are two BMWs, a Ferrari, a Rolls Royce and several luxury wristwatches.

“The conduct alleged here reads like it’s ripped from a screenplay: A scheme to sell access to millions of malware-infected computers worldwide, enabling criminals over the world to steal billions of dollars, transmit bomb threats, and exchange child exploitation materials – then using the scheme’s nearly $100 million in profits to buy luxury cars, watches, and real estate,” said Matthew Axelrod of the US Department of Commerce’s Bureau of Industry and Security.

“What they don’t show in the movies though is the painstaking work it takes by domestic and international law enforcement, working closely with industry partners, to take down such a brazen scheme and make an arrest like this happen.”

Mr Wang faces a maximum penalty of 65 years in prison if convicted.

  • Up next
  • Up next
  • Up next
  • Up next

Latest stories

  • Horrifying moment husband wheels suitcase containing murdered wife from home while carrying child

    A husband who strangled his wife in front of her two children and lover on a video call was captured wheeling the suitcase containing her body out of his home.

  • As AG stays silent, Rosmah presses on with bid to strike out money laundering and tax evasion charges

    KUALA LUMPUR, July 4 — Datin Seri Rosmah Mansor's money laundering and tax evasion trial proceeded today despite the lac...

  • 74-year-old woman dies after being shoved in front of San Francisco train

    Corazon Dandan died after being pushed into an oncoming BART train at San Francisco’s Powell Street Station at around 11 p.m on Monday night. The suspect, 49-year-old Trevor Belmont, also known as Hoak Taing, was arrested at the scene and booked into the San Francisco County Jail on suspicion of homicide and elder abuse. Dandan, who was Filipino American, was a dedicated telephone operator at the Westin St. Francis and other hotels.

  • Predator teacher Rebecca Joynes weeps as she is jailed for having sex with two teenage boys

    Rebecca Joynes cried in the dock as she was sentenced for six counts of engaging in sexual activity with a child, including two while being a person in a position of trust

  • Canadian Police Seek Suspects in Pants-on-Fire Arson

    One of two suspects in an arson in Richmond, British Columbia, set himself on fire and “despite efforts of both the suspects, [his] pants continued to burn,” according to Royal Canadian Mounted Police (RCMP).The RCMP released footage of the incident, which they said occurred in the early hours of April 24.“At approximately 4:30 am Richmond RCMP attended for an alarm at a business located in the 2600 block of Simpson Road,” police said.“Frontline officers located a broken window and small fire directly in front of it. Evidence was also located which indicated the fire had been intentionally set.“A subsequent review of video surveillance from the area determined that two unidentified men wearing masks had approached the business on foot prior to allegedly smashing the window and then lighting an object on fire. While lighting it, one of the suspect

  • Newborn Baby Found Still Attached to Unconscious Mom on Grass Outside Hotel, Both Parents Charged

    A Good Samaritan found the baby and cared for it while waiting for paramedics

  • Mom's Boyfriend Allegedly Got Frustrated When Her Son, 1, Couldn't Walk by Himself. Now He's Charged with Murder

    Christian Moniz Rabino, 28, has been charged with first-degree murder and two counts of child neglect and abuse

  • Crocodile attack: Remains found of 12-year-old girl attacked while swimming in remote Australian creek

    The remains of a 12-year-old girl attacked by a crocodile while swimming in a remote creek have been found by police in Australia. The unnamed child was reported missing at about 5.30pm local time on Tuesday shortly after she was swimming in Mango Creek, near Palumpa, a remote town of around 350 people seven hours by road from Darwin, the capital of Australia's Northern Territory. It was reported that a black crocodile was seen in the immediate area, police told ABC Radio.

  • Lebanon's Hezbollah rains 200 rockets on Israel as Gaza war rages

    Lebanon's Hezbollah launched more than 200 rockets and drones at Israeli army positions on Thursday, escalating tensions between the two adversaries amid the Israel-Hamas war in Gaza.After months of deadlocked Gaza ceasefire efforts, Israeli Prime Minister Benjamin Netanyahu said he agreed to send a delegation for talks aimed at securing the release of hostages seized in Hamas's October 7 attack that sparked the war.The announcement, which came a day after Hamas said it had "ideas" on halting the nearly nine-month conflict, followed a phone call between Netanyahu and US President Joe Biden."The leaders discussed the recent response received from Hamas" and "the President welcomed the Prime Minister's decision to authorise his negotiators to engage with US, Qatari and Egyptian mediators in an effort to close out the deal," the White House said.Israel launched a military offensive against Hamas in the Gaza Strip on October 7, in response to an unprecedented attack by the Palestinian Islamist militant group on its territory.The next day Hezbollah, in support of its ally Hamas, opened a front on Israel's northern border with Lebanon, and the two sides have since exchanged near-daily cross-border fire.Hezbollah said it fired more than 200 rockets and "explosive drones" at army positions in northern Israel and the Israeli-annexed Golan Heights in retaliation for an Israeli strike that killed one of the Iran-backed group's commanders.Air raid sirens blared across northern Israel in the morning, and an AFP correspondent witnessed rockets crossing the frontier that were mostly intercepted by Israeli air defences but sparked wildfires.A military source said later a soldier was killed by a rocket fired into northern Israel.- Fighting in Gaza City -The Gaza war broke out after Hamas's October 7 attack on southern Israel resulted in the deaths of 1,195 people, mostly civilians, according to an AFP tally based on Israeli figures.The militants also seized 251 hostages, 116 of whom remain in Gaza including 42 the army says are dead.In response, Netanyahu vowed to "crush" Hamas and Israel's military launched an offensive that has killed at least 38,011 people in Gaza, also mostly civilians, according to figures from the Hamas-run territory's health ministry.Gaza's civil defence agency said seven people were killed Thursday in Israeli strikes, including five in a school in Gaza City, in the north of the besieged territory.Fighting raged in the city's Shujaiya neighbourhood and in Rafah, on the southern border with Egypt, where an Israeli evacuation order raised fears of a major new offensive.Since the order was issued on Monday, tens of thousands of Palestinians have fled eastern areas of Rafah and nearby Khan Yunis.The United Nations says 1.9 million people are thought to be displaced in Gaza, and that around nine in every 10 people in the territory have been uprooted at least once since the war broke out."Behind these numbers, there are people... that have fears and grievances. And they had probably dreams and hopes; the less and less, I fear today, unfortunately," said Andrea De Domenico, head of the UN humanitarian office in the Palestinian territories."People who in the last nine months have been moved around like pawns in a board game."- Evacuation order -The United Nations says up to 250,000 people were affected by Israel's order to evacuate 117 square kilometres (45 square miles) -- equivalent to one-third of Gaza's territory.The Israel-Hezbollah border clashes have killed at least 496 people in Lebanon, most of them fighters but also including 95 civilians, according to an AFP tally.Israeli authorities say at least 16 soldiers and 11 civilians have been killed on their side of the UN-patrolled border.The Gaza war at the heart of the violence has meanwhile raged on, with gun battles, air strikes and shelling rocking Gaza City for an eight straight day.Israeli troops "destroyed tunnel routes in the area and eliminated dozens of terrorists in close-quarters combat with tank fire, and in aerial strikes," the military said.- 'Maelstrom of human misery' -Israel has faced an international outcry over the soaring civilian death toll, punishing siege and mass destruction in Gaza.The UN humanitarian coordinator for Gaza, Sigrid Kaag, this week called for an end to the "maelstrom of human misery".Netanyahu has insisted Israel will destroy Hamas and bring home the remaining hostages.Biden, under growing domestic pressure over Washington's support for Israel, in late May outlined a roadmap for a six-week truce and exchange of hostages for Palestinian prisoners.There has been little progress since, but Hamas said Wednesday it was communicating with officials in Qatar and Egypt as well as Turkey with an eye to ending the conflict.Hamas said its Qatar-based political chief Ismail Haniyeh had "made contact with the mediator brothers in Qatar and Egypt about the ideas that the movement is discussing with them with the aim of reaching an agreement".Netanyahu's office said Wednesday that "Israel is evaluating the (Hamas) remarks and will convey its reply to the mediators".The main stumbling block so far has been Hamas's demand for a permanent end to the fighting, which Netanyahu and his far-right coalition partners strongly reject.burs-dv/kir

  • ‘Sex predator’ teacher facing jail

    Rebecca Joynes, 30, had a baby with one of the two schoolboys she groomed.

  • ‘Brave’ police dog dies while chasing attempted murder suspect through park

    ‘PD Zyla died in the line of duty and will always be remembered for her bravery,’ police said in a statement

  • Swedish diplomat recalls darkest moments in Iran prison

    After almost 800 days in Iran's notorious Evin prison, the now-free Swedish diplomat Johan Floderus recalled the darkest moments throughout his imprisonment and how he survived them.The EU diplomat was then taken by car to the north of Tehran, where he recognised Evin prison.

  • Former Philippine leader Duterte and aide accused of steering government contracts to cronies

    A former Philippine opposition senator accused ex-President Rodrigo Duterte of plundering state coffers in a criminal complaint filed Friday, alleging that he conspired with an aide to award government infrastructure contracts worth millions of dollars to cronies. Filed with the Department of Justice in Manila, the accusation adds to the former president’s legal worries, which include an investigation by the International Criminal Court into allegations of crimes against humanity over the widespread killings of suspects during Duterte's crackdown on illegal drugs. Former Sen. Antonio Trillanes IV said two construction companies, owned by the father and brother of longtime Duterte aide and now Sen. Christopher Lawrence Go, received more than 100 government construction contracts worth at least 6.6 billion pesos ($114 million) from 2007 to 2018 in the southern city of Davao, while Duterte was mayor and vice mayor and after he became president in 2016.

  • Calif. Man Convicted in 2018 Hate-Motivated Murder of Gay Ex-Classmate Blaze Bernstein

    On July 3, an Orange County jury convicted Samuel L. Woodward, 26, of first-degree murder with a hate crime enhancement

  • Ipsos report: Malaysians show rising confidence in cops, two-thirds believe officers treat everyone equally

    The Ipsos Malaysia Crime Monitor report showed that Malaysians have increasing confidence in law enforcement, with 66...

  • Too late to sue me for RM1.6b, Rosmah tells 1MDB, others

    KUALA LUMPUR, July 5 — Datin Seri Rosmah Mansor has contended that 1MDB and 10 other entities could no longer sue her fo...

  • American Airlines Flight Makes Emergency Landing After Passenger Allegedly Exposes Himself, Urinates in Aisle

    American Eagle flight 3921 made the emergency landing on July 3 “due to a disruptive customer," the airline tells PEOPLE

  • Two Americans convicted of killing Italian police officer have sentences reduced

    An Italian appeals court on Wednesday upheld the convictions of two Americans accused of killing an Italian police officer in 2019, but further reduced their terms from the original life sentences both men were handed in 2021.

  • Third person arrested in Hull funeral directors investigation

    A third person has been arrested as part of an investigation into a funeral directors in Hull.

  • Gavin Plumb: 35-stone loner who drank 18 litres of cola every 10 days and obsessed over Holly Willoughby

    At his heaviest he was 35 and-a-half stone and drank 18 litres of cola every 10 days while living in a rubbish-strewn council flat.