BUSTED: World’s Largest Botnet (911 S5)


Written by Georg Lindsey

I am the co-founder and CEO of CGNET. I love my job and spend a lot of time in the office -- I enjoy interacting with folks around the world. Outside the office, I enjoy the coastline, listening to audiobooks, photography, and cooking. You can read more about me here.

December 5, 2024

I don’t usually blog about news stories, but with so much negative, depressing, and scary information about cybercrime and malware out there, it’s refreshing to see a win for our side. While this victory might not make a significant dent in the cybercrime industry, it’s still encouraging to witness—and read about. Plus, it’s kind of fun to think about, in a detective story sort of way.

The U.S. Department of Justice (DOJ) successfully dismantled the 911 S5 botnet, one of the world’s largest, in a coordinated international operation in May 2024. This massive botnet infected over 19 million IP addresses globally, including more than 613,000 in the United States. The takedown involved collaboration between law enforcement agencies in the United States, Singapore, Thailand, and Germany.

Key Details of the Operation

  • Arrest: YunHe Wang, a 35-year-old Chinese national, was arrested in Singapore on May 24, 2024, for creating and operating the 911 S5 botnet.
  • Infrastructure Seizure: Authorities seized 23 domains and over 70 servers tied to the botnet’s infrastructure.
  • Financial Impact: Wang allegedly earned $99 million by selling access to the hijacked IP addresses.
  • Asset Seizure: Approximately $30 million worth of assets were confiscated, including luxury cars, properties, bank accounts, and cryptocurrency wallets.

Scope of Criminal Activities

The 911 S5 botnet enabled a range of criminal activities, including:

  • Financial fraud: Estimated losses of $5.9 billion, particularly through fraud against pandemic relief programs.
  • Identity theft and access to child exploitation materials.
  • Harassment and bomb threats.
  • Illegal exportation of goods.

International Cooperation

This operation required extensive collaboration between international law enforcement agencies, demonstrating the global nature of cybercrime and the importance of multinational efforts in combating it.

Additional Actions

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Wang and two alleged co-conspirators, Jingping Liu and Yanni Zheng, for their roles in operating the 911 S5 botnet. This takedown is part of the Justice Department’s ongoing efforts to combat cybercrime and dismantle major botnets worldwide.

This story is a reminder that, while cybercriminals are becoming increasingly sophisticated, law enforcement agencies and their partners are also stepping up their game. Here’s to more wins like this in the future!
