Chinese National Arrested For Allegedly Operating "World's Largest Botnet"

Original link: https://www.zerohedge.com/technology/chinese-national-arrested-allegedly-operating-worlds-largest-botnet

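Wang Yunhe, a 35-year-old Chinese national, has been charged by the U.S. Department of Justice (DOJ) with operating, since 2014, a large botnet of about 19 million stolen IP addresses in nearly 200 countries. He reportedly leased the network to criminals, earning more than $99 million in revenue, for use in various cyber activities, including scams related to COVID-19 pandemic relief. The service, named “911 S5,” enabled users to hide their digital tracks while committing illegal acts such as financial fraud, stalking, making bomb threats, illegal exports, and handling child exploitation materials. The botnet may have helped steal billions of dollars from banks, credit card issuers, and government loans. About 560,000 fraudulent transactions caused more than $5.9 billion in losses. Authorities estimate that the botnet may be the world's largest. Wang used several aliases, such as “Jack Wan,” “Williams Tang,” and “Tom Long.” As early as 2011, he built his botnet by creating malicious VPN software and distributing it worldwide. His botnet held about 613,000 U.S. IP addresses and infected about 346 computers in the Eastern District of Texas. Through international cooperation, the site was seized in July 2022, along with 23 domains and more than 70 servers. Wang faces multiple criminal charges, may be sentenced to up to 65 years in prison, and faces forfeiture of assets worth millions of dollars. Meanwhile, the U.S. Treasury Department imposed sanctions on him, his co-conspirator, his attorney, and related Thai companies.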

Original text

Authored by Frank Fang via The Epoch Times,

A Chinese national has been arrested for allegedly running a botnet of 19 million infected IP addresses in nearly 200 countries, amassing at least $99 million by leasing his network to criminals for cybercrimes including COVID-19 pandemic relief scams.

The Department of Justice (DOJ) said Wang Yunhe, 35, offered customers access to his network of compromised IP addresses for a fee from 2014 until July 2022, according to a press release issued on May 29. The service, named “911 S5,” allowed cybercriminals to conceal their digital footprint when engaging in nefarious online activities.

Those offenses included financial crimes, stalking, transmitting bomb threats and threats of harm, illegal exportation of goods, and receiving and sending child exploitation materials.

Criminals are also alleged to have used the botnet service to bypass financial fraud detection systems in the United States and elsewhere, and to have stolen billions of dollars from financial institutions, credit card issuers, and federal lending programs, according to an indictment. About 560,529 fraudulent claims came from “IP addresses exploited and trafficked” by Mr. Wang’s botnet, leading to more than $5.9 billion in losses.

The network was “likely the world’s largest botnet ever,” the DOJ said, quoting FBI Director Christopher Wray.

Mr. Wang’s alleged scheme “reads like it’s ripped from a screenplay,” Assistant Secretary for Export Enforcement Matthew S. Axelrod from the Commerce Department’s Bureau of Industry and Security said in a statement.

Malware

According to the indictment, Mr. Wang went by several pseudonyms including “Jack Wan,” “Williams Tang,” and “Tom Long.” He was arrested in Singapore on May 24 and search warrants were executed in the Southeast Asian country and nearby Thailand, Brett Leatherman, the deputy assistant director for the FBI’s cyber division, said in a LinkedIn post.

Authorities also seized $29 million in cryptocurrency, according to Mr. Leatherman.

To build up his botnet, Mr. Wang allegedly began developing malicious Virtual Private Network (VPN) programs, such as MaskVPN, DewVPN, and Shine VPN, as early as 2011, according to the indictment. He then allegedly distributed his malware “with the intent to infect residential computers worldwide.”

A VPN is a service that typically hides a user’s IP address and encrypts an internet connection, diverting traffic through a remote server.

“Wang then managed and controlled approximately 150 dedicated servers worldwide, approximately 76 of which he leased from U.S.-based online service providers,” the press release reads.

As of July 2022, Mr. Wang had amassed more than 19 million unique IP addresses by spreading his malware to computers worldwide. “[C]ybercriminals using the 911 S5 service were able to select by city, state, zip code, or country exactly the IP addresses through which they wanted to connect to the internet,” the indictment reads.

Of the 19 million IP addresses, Mr. Wang’s botnet included about 613,841 IP addresses in the United States, the indictment stated, and his malware infected about 346 computers in the Eastern District of Texas between April 2020 and July 2022.

The indictment stated that Mr. Wang’s botnet ceased operations in July 2022 but infected computers “remain actively compromised.” Therefore “the botnet remains available to be reconstituted into a new illicit proxy service at any time,” the document reads.

Cooperation

Attorney General Merrick B. Garland said international cooperation led to the dismantling of the botnet.

“The Justice Department led an international law enforcement operation stretching from Southeast Asia to Europe to the Caribbean, which disrupted 911 S5,” Mr. Garland said in a video statement. “As a result of our coordinated actions, the botnet has been taken down.”

According to the DOJ, law enforcement agencies in Singapore, Thailand, and Germany worked with U.S. officials in the case. The joint operation led to the seizure of 23 domains and over 70 servers.

“As today’s case makes clear, the long arm of the law stretches across borders and into the deepest shadows of the dark web,” Mr. Garland added.

Mr. Wang allegedly used the proceeds received from customers of his botnet to buy property in the United States, St. Kitts and Nevis, China, Singapore, Thailand, and the United Arab Emirates.

Mr. Wang is facing charges of conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering, with a maximum 65-year prison sentence.

Federal authorities are seeking to seize dozens of assets and properties allegedly owned by Mr. Wang, according to the indictment. These include a 2022 Ferrari F8 Spider S-A, a BMW i8, a BMW X7 M50d, a Rolls Royce, more than a dozen domestic and international bank accounts, over two dozen cryptocurrency wallets, several luxury wristwatches, and 21 residential or investment properties.

On May 28, the Treasury Department announced sanctions against Mr. Wang, his co-conspirator Liu Jinping, his attorney Zheng Yanni, and three Thailand-based companies under his control.
