Arrest of Wang Yunhe in Singapore, alleged to have run world’s largest botnet, a major blow to cybercrime: experts


The DOJ quoted FBI Director Christopher Wray as saying on Wednesday that the “911 S5” botnet – a network of malware-infected computers in nearly 200 countries – was likely the world’s largest.

Wang was arrested on May 24 in Singapore, with help from authorities in the city state, the US, Thailand, and Germany.


The DOJ cited an indictment, unsealed on May 24, alleging Wang and associates created and disseminated the malware to compromise and amass a network of millions of residential Windows computers worldwide from 2014 through July 2022.

These devices were associated with more than 19 million unique IP addresses, and Wang generated millions of dollars by offering cybercriminals access to these infected IP addresses for a fee.

Anthony Lim, a cybersecurity governance and fintech fellow at the Singapore University of Social Sciences, called the discovery of the 19 million compromised IP addresses “huge”.

“It’s 19 million different pieces of equipment. This is surely a big arrest, but unfortunately I think it’s not unique because there have been and probably are other botnets in the world,” he said.

Lim explained that the kind of malware used to create these botnets goes into a computer without necessarily causing damage or stealing data. Instead, it takes control of the computer, often without the user’s knowledge, after which it can be used for malicious activities that are managed by a remote server operated by the botnet’s controller.

“The bot infects thousands of computers across geographies, giving the perpetrator a whole interconnected army of computers to manipulate and orchestrate,” said Lim.

“A lot of these victims don’t even know they are involved; it might just be their computers running hot or intermittently slower, or they may be away from their computer, which nowadays we don’t power down,” he added.


Siah said that compromised IP addresses are commonly used for distributed denial-of-service (DDoS) attacks, which involve overwhelming a target with massive amounts of traffic to render it inaccessible; for spam distribution, by sending large volumes of unsolicited emails; and for data theft.

They are also used for generating false clicks on online advertisements to earn revenue for the attacker, and for cryptocurrency mining.

Siah gave the example of the Mirai botnet, which was primarily used for launching DDoS attacks.

It targeted Internet of Things devices, such as cameras and routers, by exploiting default usernames and passwords.

In 2016, the Mirai botnet was used to launch one of the largest DDoS attacks in history, affecting major websites and services like Twitter, Reddit, and Netflix.

To protect computers from malware, the experts recommended keeping software updated, being vigilant about opening unknown emails and links, and downloading antivirus and anti-malware software from reputable companies.

“These tools can detect and remove malicious software that might turn your device into part of a botnet,” said Siah.

The indictment alleged that Wang used the illicitly gained proceeds to purchase property in the US, St Kitts and Nevis, China, Singapore, Thailand, and the United Arab Emirates.

The indictment identifies dozens of assets and properties subject to forfeiture, including a 2022 Ferrari F8 Spider S-A, over two dozen cryptocurrency wallets and several luxury wristwatches.

The Associated Press reported on Thursday morning that the US is now awaiting Wang’s extradition.
