An international law enforcement operation led by the Department of Justice (DOJ) has disrupted a botnet known as 911 S5, which exploited free VPNs to facilitate various cybercrimes, including fraud, harassment, and child exploitation. YunHe Wang, 35, a citizen of China as well as St. Kitts and Nevis, was arrested on May 24 for allegedly creating and running this whole botnet scheme. The feds say he used malware to infect millions of personal Windows computers around the world, building a network with more than 19 million unique IP addresses.
Wang allegedly created a system that allowed cybercriminals to mask their identities and commit crimes. He did that by creating and disseminating a botnet called 911 S5 to compromise and amass a network of millions of residential Windows computers worldwide from 2014 through July 2022, according to the DOJ. These devices were associated with more than 19 million unique IP addresses, including 613,841 IP addresses located in the U.S.
FBI Director Christopher Wray called 911 S5 the world’s largest botnet. It lets cybercriminals bypass financial fraud detection systems and steal billions of dollars from banks, credit card companies, and federal lending programs. The government estimates that 560,000 fake unemployment insurance claims came from compromised internet addresses, leading to over $5.9 billion in confirmed losses.
The DOJ alleges that from 2018 until July 2022, Wang made about $99 million from selling hijacked proxied IP addresses through his 911 S5 operation, receiving payments in both cryptocurrency and fiat currency. Wang used this money to buy real estate in the United States, St. Kitts and Nevis, China, Singapore, Thailand, and the United Arab Emirates.
According to the DOJ, the malware was spread through free VPN programs like MaskVPN and DewVPN, which were distributed via torrent sites. It was also bundled with other programs, including pirated software, using pay-per-install services. The operator managed around 150 dedicated servers globally, with 76 rented from U.S. online service providers. These servers were allegedly used to deploy and manage the malicious applications, control the infected devices, run the 911 S5 service, and provide paying customers with access to the IP addresses of the compromised devices.
Wang’s arrest serves as a cautionary tale against using free VPN services. As discussed, he allegedly exploited free VPNs like MaskVPN and DewVPN to distribute malware and enable cybercriminals to misuse the IP addresses of infected devices. However, this is not the only drawback of free VPNs. Free VPN services often lack robust data protection measures, as they typically do not undergo third-party audits to verify their security practices. Users of free VPNs may also experience sluggish internet speeds and an increased risk of phishing attacks.
To protect yourself from cybercriminals misusing your data or personal devices, you should consider investing in reputable, paid VPN services, strong antivirus software, personal data removal services, strong and unique passwords, two-factor authentication, and keeping your software and operating systems up-to-date. By following these proactive measures, you can enhance your online privacy and security and reduce the risk of falling victim to cybercrimes.