The US Department of Justice reported the successful dismantling of a large botnet called 911 S5, thanks to international law enforcement cooperation. The botnet, managed by YunHe Wang, was said to consist of approximately 19 million unique IP addresses.
About 911 S5 Botnet
The 911 S5 botnet was allegedly used for a multitude of illicit activities, including cyberattacks, large-scale scams, child exploitation, intimidation, bomb threats, and circumvention of export restrictions. It was mainly composed of compromised Windows-powered household computers from around the globe. The network comprised an immense 19 million IP addresses, 613,841 of which were located within the US. The count of unique IPs highlights the scale of the botnet, as a single IP address can be shared by several machines within a network.
Background of Botnet Operator YunHe Wang
YunHe Wang, a Chinese national, also secured citizenship of the island state of Saint Kitts and Nevis through its investment program. Wang was suspected of distributing the malicious software used to build the 911 S5 botnet through VPN service clients, including MaskVPN and DewVPN, among others. Additionally, he was found to embed viruses in installation files of pirated software and copyright-protected materials. He operated approximately 150 dedicated servers, 76 of which were leased from American service providers. These servers enabled him to deploy applications, control infected systems, and offer clients access to those systems as proxy servers.
Closure of Botnets and Hackers Network
The takedown of the 911 S5 botnet was announced by US authorities two weeks after the reported closure of the hackers' network BreachForums. The latter resurfaced in no time, offering the personal data of 560 million Ticketmaster customers for sale. It's worth noting that despite a series of high-profile crackdowns by law enforcement, certain crippled botnets and hacker forums somehow manage to resume operations.