In a significant victory for U.S. law enforcement, the Department of Justice announced the arrest of Yunhe Wan, a 35-year-old Chinese national accused of orchestrating the largest botnet scheme in history. According to a DOJ press release, Wan and his accomplices used pop-ups advertising alleged VPN services to distribute malware, infecting millions of residential Windows computers in nearly 200 countries. This created an extensive residential proxy service, known as “911 S5,” which hid users behind real people’s IP addresses. Wan made money by selling other hackers access to the 911 S5 network, which allowed them to commit a variety of crimes against children, identity theft, and financial fraud. Christopher Wray, the director of the FBI, emphasized the network’s usage in a number of crimes involving computers. With its launch in 2014, the 911 S5 scheme has made an incredible $99 million. Wan is said to have spent his illegal money on expensive homes, vehicles, watches, and other items.
“The conduct alleged here reads like it’s ripped from a screenplay,” remarked Department of Commerce official Matthew Axelrod. He described the scheme as one that sold access to millions of malware-infected computers worldwide, enabling criminals to steal billions of dollars, transmit bomb threats, and exchange child exploitation materials. Wan has been charged with conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering, and faces up to 65 years in prison.
Wan’s lavish lifestyle, funded by his criminal activities, is evident in the DOJ’s forfeiture list, which includes a 2022 Ferrari F8 Spider S-A, a BMW i8, a BMW X7 M50d, a Rolls Royce, multiple luxury wristwatches, 21 residential or investment properties across several countries, and over two dozen cryptocurrency wallets.
One of the more striking allegations against Wan is that the 911 S5 network allowed foreign actors to pose as unemployed U.S. citizens during the coronavirus pandemic, resulting in nearly $6 billion in COVID aid fraud. The network also facilitated cyberstalking and the distribution of child sexual abuse materials, underscoring the vast and destructive impact of Wan’s botnet operation.