FBI Unmasks Alleged Mastermind Behind Vast Network of Hacked Devices

An international law enforcement operation led by the Department of Justice (DOJ) took down a botnet known as 911 S5, which exploited free VPNs to facilitate various cybercrimes, including fraud, harassment, and exploitation of children.

YunHe Wang, 35, a citizen of China and Saint Kitts and Nevis, was arrested on May 24 for allegedly creating and running this entire botnet system. The federal government says the botnet used malware to infect millions of Windows personal computers around the world, creating a network with more than 19 million unique IP addresses.



The impact of the botnet system

Wang allegedly created a system that allowed cybercriminals to hide their identities and commit crimes. He did so by creating and distributing a botnet called 911 S5 to compromise and aggregate a network of millions of residential Windows computers worldwide from 2014 to July 2022, according to the DOJ. These devices were associated with more than 19 million unique IP addresses, including 613,841 IP addresses located in the United States.

FBI Director Christopher Wray called 911 S5 the largest botnet in the world. It allowed cybercriminals to bypass financial fraud detection systems and steal billions of dollars from banks, credit card companies and federal loan programs. The government estimates that 560,000 false unemployment insurance claims came from compromised internet addresses, resulting in more than $5.9 billion in confirmed losses.

“Additionally, in assessing alleged fraud losses under the Economic Injury Disaster Loan (EIDL) program, the United States estimates that more than 47,000 EIDL requests originated from IP addresses compromised by 911 S5,” the DOJ wrote. “Millions of additional dollars have also been identified by financial institutions in the United States as losses from IP addresses compromised by 911 S5.”

The DOJ claims that from 2018 to July 2022, Wang made approximately $99 million selling hijacked proxy IP addresses through his 911 S5 operation, receiving payments in cryptocurrency and fiat currency. Wang used the money to purchase real estate in the United States, Saint Kitts and Nevis, China, Singapore, Thailand and the United Arab Emirates.




How the botnet worked

According to the DOJ, the malware spread through free VPN programs such as MaskVPN and DewVPN, distributed through torrent sites. It was also bundled with other programs, including pirated software, through pay-per-install services.

The operator managed around 150 dedicated servers worldwide, including 76 leased from American online service providers. These servers were allegedly used to deploy and manage malicious applications, monitor infected devices, run the 911 S5 service, and provide paying customers access to the IP addresses of compromised devices.

Essentially, the operator hijacked devices by infecting them with malware, the DOJ said. The infected devices were then integrated into the botnet, allowing their IP addresses to be rented to cybercriminals. These cybercriminals could then use the hacked IP addresses to commit various crimes anonymously while hiding their true location and identity.
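If you want to check a Windows PC for the two VPN programs named above, the PowerShell script below looks for them among installed programs, running processes and services. It is an added example, not something published by the DOJ or the author, and it assumes the software still carries the MaskVPN or DewVPN name; matching by name is a rough check only.

```powershell
# Added example: the two names come from the article; matching on name is a heuristic.
$names   = 'MaskVPN', 'DewVPN'
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Standard per-machine and per-user uninstall registry locations on Windows.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$findings = @(
    # Installed programs whose display name or install folder matches.
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $pattern -or $_.InstallLocation -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'Installed program'; Name = $_.DisplayName; Detail = $_.InstallLocation }
        }

    # Processes running right now.
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.ProcessName -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'Running process'; Name = $_.ProcessName; Detail = $_.Path }
        }

    # Services; the binary path is checked too, since a service name can be generic.
    Get-CimInstance -ClassName Win32_Service -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Name -match $pattern -or $_.DisplayName -match $pattern -or $_.PathName -match $pattern
        } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Detail = $_.PathName }
        }
)

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    Write-Output "No program, process or service named like: $($names -join ', ')"
}
```

An empty result only means nothing with those names was found; it does not replace a full antivirus scan.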



Why Free VPNs Should Be Avoided

Wang’s arrest serves as a warning against using free VPN services. As reported, the 911 S5 operation allegedly exploited free VPNs like MaskVPN and DewVPN to distribute malware and allow cybercriminals to misuse the IP addresses of infected devices. However, this is not the only downside to free VPNs.

Free VPN services often lack robust data protection measures because they are generally not subject to third-party audits to verify their security practices. Free VPN users may also experience slow internet speeds and an increased risk of phishing attacks.

Instead of relying on free VPNs, you should consider investing in reputable and paid VPN services that prioritize user privacy, security, and performance. Paid VPN providers are more likely to implement robust encryption protocols, maintain strict no-logging policies, and offer faster connection speeds.


6 Proactive Steps to Take to Protect Yourself from Such Fraud

You can protect your data and personal devices from misuse by cybercriminals by following these steps:

1) Invest in a reputable paid VPN service: Paid VPN services offer strong encryption protocols, strict no-logging policies, and faster connection speeds, ensuring enhanced privacy and security when browsing the internet or accessing online services. A paid VPN service can also protect you from being tracked and from having your potential location identified by the websites you visit. Many sites can read your IP address and, depending on their privacy settings, display the city you are connecting from. A VPN will hide your IP address and show another location instead. For the best VPN software, check out my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.

2) Have powerful antivirus software: The best way to protect yourself from malicious links that install malware that can access your private information is to install antivirus protection on all your devices. This can also alert you to any phishing emails or ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android, and iOS devices.

3) Invest in personal data deletion services: While no service promises to remove all your data from the Internet, having a removal service is ideal if you want to continuously monitor and automate the process of removing your information from hundreds of sites over a longer period of time. Remove your personal data from the internet with my top picks here.

4) Use strong and unique passwords: Create strong passwords for your accounts and devices and avoid using the same password for multiple online accounts. Consider using a password manager to securely store and generate complex passwords. First, it will help you create unique and hard-to-crack passwords that a hacker will never be able to guess. Second, it keeps track of all your passwords in one place and fills them in for you when you log into an account, so you never have to remember them yourself. The fewer passwords you have to remember, the less likely you are to reuse them across your accounts.

5) Enable two-factor authentication: Enable two-factor authentication as soon as possible. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.

6) Keep software and operating systems up to date: Regularly update software applications and operating systems to benefit from the latest security patches and vulnerability fixes, reducing the risk of exploitation by malware or cybercriminals.


Kurt’s Key Takeaways

Cybercriminals are finding new ways to exploit you, your data and your electronic devices. While it’s hard to predict what new tactics they have in store, you can protect yourself by being extra careful when browsing the web, dealing with phishing calls, and clicking on links. The current cybercrime situation also teaches us not to use free VPN services, even if they seem very tempting.


Copyright 2024 CyberGuy.com. All rights reserved.