An international law enforcement operation led by the Department of Justice (DOJ) has successfully disrupted a botnet known as 911 S5. This botnet exploited free VPNs to facilitate various cybercrimes, including fraud, harassment, and child exploitation. The mastermind behind this scheme, YunHe Wang, a 35-year-old citizen of China and St. Kitts and Nevis, was arrested on May 24 for allegedly creating and running the operation.
Impact of the Botnet Scheme
Wang's system allowed cybercriminals to mask their identities and commit crimes by infecting millions of personal Windows computers worldwide. The botnet amassed a network with over 19 million unique IP addresses, including 613,841 in the U.S. FBI Director Christopher Wray labeled 911 S5 as the world's largest botnet, enabling cybercriminals to bypass financial fraud detection systems and steal billions of dollars.
The government estimates that the botnet led to over $5.9 billion in confirmed losses from fake unemployment insurance claims and millions more in losses from the Economic Injury Disaster Loan (EIDL) program.
Operation of the Botnet
The malware was spread through free VPN programs distributed via torrent sites and bundled with pirated software. Wang managed around 150 dedicated servers globally, with 76 rented from U.S. online service providers. These servers were used to deploy and manage the malicious applications, control infected devices, and provide paying customers with access to compromised IP addresses.
Caution Against Free VPNs
Wang's arrest highlights the risks associated with free VPN services, which lack robust data protection measures and can expose users to malware and phishing attacks. It is advisable to invest in reputable, paid VPN services that prioritize user privacy, security, and performance.
Protecting Yourself from Cybercrimes
To safeguard against cybercrimes, individuals are advised to invest in paid VPN services, use strong antivirus software, consider personal data removal services, create strong and unique passwords, enable two-factor authentication, and keep software and operating systems up to date.