A recent international operation has led to the arrest of Wang, the alleged administrator of the 911 S5 botnet, which was used for carrying out massive fraud schemes. Wang was said to have managed about 150 dedicated servers worldwide, with 76 of them being leased from US-based service providers. The Justice Department stated that Wang used these servers to deploy and manage applications, control infected devices, operate his 911 S5 service, and provide customers with access to proxied IP addresses linked to the infected devices.
Authorities have clarified that Wang was driven by financial motives and had no connections to any nation-states. He is facing charges that include conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering. Wang’s alleged actions had far-reaching consequences, as some of his customers reportedly targeted various pandemic relief programs using IP addresses bought from 911 S5 to mask their true locations.
One notable incident involved the filing of 560,000 fraudulent unemployment insurance claims during the pandemic, resulting in a confirmed loss of over $5.9 billion. Additionally, more than 47,000 fraudulent Economic Injury Disaster Loan (EIDL) applications were submitted, leading to losses in the millions. The release also highlighted a case where criminal actors in Ghana and the United States utilized hijacked IP addresses from 911 S5 to place fraudulent orders using stolen credit cards on the Army and Air Force Exchange Service (AAFES) online platform. While around $5.5 million worth of fraudulent orders were made, robust fraud detection systems and federal investigators managed to prevent most of the transactions, reducing the actual loss to about $254,000.
If convicted on all charges, Wang could face a maximum sentence of 65 years in prison. As of now, no attorney has been identified for Wang. The FBI has launched a webpage to help potential victims determine if their devices were compromised by the 911 S5 botnet. This operation serves as a significant development in combating cybercrime and protecting individuals and organizations from falling victim to such fraudulent schemes.