"World largest botnet ever" shut down — US government seizes 911 S5 operation and takes it offline


The US government and the government of Singapore have dismantled what has been called “likely the world’s largest botnet ever” and arrested its administrator.

The 911 S5 botnet gave cybercriminals a means to keep their identities hidden while running different schemes.

The news was confirmed by FBI Director Christopher Wray, who said: "working with our international partners, the FBI conducted a joint, sequenced cyber operation to dismantle the 911 S5 Botnet—likely the world's largest botnet ever...We arrested its administrator, Yunhe Wang, seized infrastructure and assets, and levied sanctions against Wang and his co-conspirators."

Millions of unique IPs

The news comes hours after it was reported that the US government had sanctioned three individuals and three companies for building and running 911 S5. 

The individuals were named as Yunhe Wang, Jingping Liu, and Yanni Zheng, while the companies are called Spicy Code Company Limited, Tulip Biz Pattaya Group Company Limited, and Lily Suites Company Limited, all owned by Yunhe Wang and registered in Thailand. 

According to the US government, the group created a number of free VPN tools, which they offered to the general public. However, anyone who installed and used these tools also had their device infected with malware that enrolled it in the botnet.

The three would then offer the botnet’s services to various cybercriminals, who used them to mask their online identities while running different schemes. Among other things, the US government said the botnet was used to make bomb threats across the US, roughly two years ago.

Allegedly, the botnet had more than 19 million unique IP addresses, 600,000 of which were from the United States. 

"Wang [..] managed and controlled approximately 150 dedicated servers worldwide, approximately 76 of which he leased from U.S. based online service providers," the Justice Department said. "Using the dedicated servers, Wang deployed and managed applications, commanded and controlled the infected devices, operated his 911 S5 service, and provided paying customers with access to proxied IP addresses associated with the infected devices."

Wang is suspected of making almost $100 million selling access to the botnet. 

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.