It was very recently revealed that a global law enforcement effort took down a massive botnet that was in action for almost a decade. In light of this, we wanted to review what a botnet is and how it works, drawing from these events for some context.
Let’s begin by summarizing the situation.
It has been alleged by the Justice Department that YunHe Wang, a 35-year-old national of the People’s Republic of China, created and disseminated malware that compromised millions of private Windows computers around the world and incorporated them into a massive botnet known as 911 S5. According to the indictment, Wang then provided access to the 19 million infected IP addresses to other cybercriminals, personally amassing millions of dollars.
Court documents state that Wang was able to accomplish this by offering a free virtual private network—allowing 911 S5 users to hide their traffic in these machines—and by bundling it in with pirated software downloads. The cybercriminals that he allegedly sold this access to then used the undermined computers to commit a litany of crimes, including cyberattacks of their own, widespread fraud, online harassment, child exploitation, export violations, and bomb threats. According to the claims made in the indictment, Wang’s approximately $99 million in sales between 2018 and July of 2022 allowed him to purchase various assets around the world, including 21 pieces of property, numerous vehicles, cryptocurrency wallets, and much more.
According to the indictment, 911 S5 has also enabled the theft of billions from financial institutions, credit card issuers, and federal lending programs, as well as fraudulent claims being made to pandemic relief programs.
Law enforcement first caught wind of this operation when IP addresses purchased from 911 S5 were used with stolen credit card details to place orders on ShopMyExchange, the Army and Air Force Exchange Service’s e-commerce platform. After an international investigation, Wang has been charged with conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, as well as conspiracy to commit money laundering… all of which could potentially penalize him with 65 years in prison, should he be convicted on all counts.
A botnet is a collection of Internet-connected computers and other devices that are networked together and can be used to accomplish a bad actor’s goals without the owner knowing. There are various uses that cybercriminals have for botnets. Some will use them as the muscle behind a cyberattack, committing the computing resources of every involved device to overcoming a system’s protections. Others will use them to perform credential stuffing, which is a means of breaking into an account by trying lists of stolen usernames and passwords. Some will use them to mine for cryptocurrency.
Long story short, it’s a lot of people’s devices being used without their knowledge or permission to do something most of those people likely wouldn’t approve of.
First and foremost, always, always, always download any software from a legitimate and verifiable source. It’s good to remember that nothing is ever free… you’ll always pay for it in some way, shape, or form. In the case of all the people who used the “free” VPN, they paid for it by having their devices co-opted for cybercriminal activity.
If you are one of these people, it is important that you remove the applications installed by 911 S5, which the FBI has provided some guidance into.
Second, 911 S5 is relevant enough that it bears bringing up the dangers of shadow IT in a business. While it was targeted at personal users and computers, is it really that hard to think that one of your team members might have installed it or something similar? You need to know that your team will not just go and install things on their own computers, and that they’ll turn to IT for help in obtaining what they need.
Otherwise, they run the risk of installing pirated or cracked software (software with its copy protections removed), which can very easily cause both operational and legal troubles for your business… and that’s without taking the potential of being part of a botnet into account.
If you need an IT resource for your team to turn to, we’re here to help. FRS Pros helps Nationwide businesses with all things information technology, and we do it in such a way that, ideally, you won’t even know we’re there. Give us a call at 561-795-2000 today to learn more.