The FBI said it has dismantled what is likely the world’s largest botnet — an army of 19 million infected computers — that was leased to hackers for cybercrimes.
The botnet, which was spread across more than 190 countries, enabled financial fraud, identity theft and access to child exploitation materials around the world, according to a statement issued on Wednesday by FBI Director Christopher Wray. Other violations tied to the botnet included bomb threats and cyberattacks, likely leading to billions of dollars in victim losses, according to a statement from the Department of Justice.
The botnet was tied to more than 613,000 IP addresses located in the US, authorities said. Botnets are created when cybercriminals install malware on computers or other connected devices and harness them for nefarious activities, creating a zombie army of devices whose owners are usually unaware of what is happening.
Law enforcement seized internet equipment and assets, and levied sanctions against the alleged administrator of the botnet, YunHe Wang, as well as co-conspirators, Wray said.
Wang, a Chinese citizen, was arrested in Singapore on May 24, charged in connection with allegedly deploying malware and creating and operating a residential proxy service known as “911 S5.”
Singaporean authorities confirmed the arrest, which occurred based on an extradition request from the US. Singapore has been working with US law enforcement on the matter since August 2022, they said.
It was started in 2014 and relied on a network of millions of compromised residential Windows computers, according to the US government. Wang then generated millions of dollars by offering cybercriminals access to these infected IP addresses for a fee, according to the Department of Justice.
The US is now awaiting extradition, according to Brett Leatherman, deputy assistant director with the FBI’s Cyber Division. “We want him, you know, as soon as possible,” Leatherman told reporters in a call on Wednesday.
The FBI and international partners also executed multiple search warrants and interviews in Singapore and Thailand that could lead to additional arrests, he added.
The law enforcement operation, named Operation Tunnel Rat, also seized luxury goods including expensive cars and watches worth $4 million, as well as more than $29 million in cryptocurrency and about $30 million in real estate in Singapore, Thailand, Dubai and elsewhere, plus 22 domains, officials said.
Residential IP addresses became compromised when users downloaded certain free software or virtual private network apps, which unknowingly contained malware associated with the botnet onto their devices, Leatherman said. The FBI has issued a web page where members of the public can check if their IP address was among those compromised.
