Chinese national arrested for running ‘likely world’s largest’ botnet

An international law enforcement team has arrested a Chinese national and disrupted a major botnet that officials said he ran for nearly a decade, amassing at least US$99 million in profits by reselling access to criminals who used it for identity theft, child exploitation and financial fraud including pandemic relief scams.

The US Department of Justice quoted FBI Director Christopher Wray as saying on Wednesday that the “911 S5” botnet – a network of malware-infected computers in nearly 200 countries – was likely the world’s largest.

Wang was arrested in Singapore, and search warrants were executed there and in Thailand, the FBI’s deputy assistant director for cyber operations, Brett Leatherman, said. Authorities also seized US$29 million in cryptocurrency, Leatherman said.

The US is now awaiting extradition, according to Leatherman. “We want him, you know, as soon as possible,” Leatherman told reporters in a call on Wednesday.

Cybercriminals used Wang’s network of zombie residential computers to steal “billions of dollars from financial institutions, credit card issuers and accountholders, and federal lending programmes since 2014,” according to an indictment filed in Texas’ eastern district.

The administrator, Wang, sold access to the 19 million Windows computers he hijacked – more than 613,000 in the United States – to criminals who “used that access to commit a staggering array of crimes that victimised children, threatened people’s safety and defrauded financial institutions and federal lending programmes,” US Attorney General Merrick Garland said in announcing the takedown.

He said criminals who purchased access to the zombie network from Wang were responsible for more than US$5.9 billion in estimated losses due to fraud against relief programmes.

Officials estimated 560,000 fraudulent unemployment insurance claims originated from compromised IP addresses.

Wang allegedly managed the botnet through 150 dedicated servers, half of them leased from US-based online service providers.

The indictment says Wang used his illicit gains to purchase 21 properties in the United States, China, Singapore, Thailand, the United Arab Emirates and St Kitts and Nevis, where it said he obtained citizenship through investment.

In its news release, the Justice Department thanked police and other authorities in Singapore and Thailand for their assistance.

Additional reporting by Bloomberg