An international law enforcement operation led by the Department of Justice (DOJ) has disrupted a botnet known as 911 S5, which exploited free VPNs to facilitate various cybercrimes, including fraud, harassment, and child exploitation.
YunHe Wang, 35, a citizen of China and St. Kitts and Nevis, was arrested on May 24 for creating and running this whole botnet scheme. Feds say he used malware to infect millions of personal Windows computers around the world, building a network with over 19 million unique IP addresses.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
The impact of the botnet scheme
Wang created a system that allowed cybercriminals to mask their identities and commit grave crimes. He did that by creating and disseminating a botnet called 911 S5 to compromise and amass a network of millions of residential Windows computers worldwide from 2014 through July 2022, according to DOJ. These devices were associated with more than 19 million unique IP addresses, including 613,841 IP addresses located in the US.
FBI Director Christopher Wray called 911 S5, the world’s largest botnet. It lets cybercriminals bypass financial fraud detection systems and steal billions of dollars from banks, credit card companies, and federal lending programs. The government estimates that 560,000 fake unemployment insurance claims came from compromised internet addresses, leading to over $5.9 billion in confirmed losses.
“Additionally, in evaluating suspected fraud loss to the Economic Injury Disaster Loan (EIDL) program, the United States estimates that more than 47,000 EIDL applications originated from IP addresses compromised by 911 S5,” the DOJ wrote. “Millions of dollars more were similarly identified by financial institutions in the United States as loss originating from IP addresses compromised by 911 S5.”
The DOJ alleges that from 2018 until July 2022, Wang made about $99 million from selling hijacked proxied IP addresses through his 911 S5 operation, receiving payments in both cryptocurrency and fiat currency. Wang used this money to buy real estate in the United States, St. Kitts and Nevis, China, Singapore, Thailand, and the UAE.
HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET
VOICE CLONING IS THE NEW WEAPON IN SCAMMERS’ ARSENAL FOR FAMILY EMERGENCY SCHEMES
How the botnet operated
The malware was spread through free VPN programs like MaskVPN and DewVPN, which were distributed via torrent sites. It was also bundled with other programs, including pirated software, using pay-per-install services.
The operator managed around 150 dedicated servers globally, with 76 rented from US online service providers. These servers were used to deploy and manage the malicious applications, control the infected devices, run the 911 S5 service, and provide paying customers with access to the IP addresses of the compromised devices.
Essentially, the operator hijacked devices by infecting them with malware. The infected devices then became part of the botnet, allowing their IP addresses to be rented out to cybercriminals. These cybercriminals could then use the hijacked IP addresses to anonymously carry out various offenses while concealing their true locations and identities.
CYBER SCAMMERS USE AI TO MANIPULATE GOOGLE SEARCH RESULTS
Why free VPNs should be avoided
Wang’s arrest serves as a cautionary tale against using free VPN services. As discussed, he exploited free VPNs like MaskVPN and DewVPN to distribute malware and enable cybercriminals to misuse the IP addresses of infected devices. However, this is not the only drawback of free VPNs.
Free VPN services often lack robust data protection measures, as they typically do not undergo third-party audits to verify their security practices. Users of free VPNs may also experience sluggish internet speeds and an increased risk of phishing attacks.
THE ‘UNSUBSCRIBE’ EMAIL SCAM IS TARGETING AMERICANS
6 proactive measures to take to protect yourself from such frauds
You can easily protect cybercriminals from misusing your data or personal devices by following these steps:
1) Invest in a reputable paid VPN service: Paid VPN services offer robust encryption protocols, strict no-logging policies, and faster connection speeds, ensuring enhanced privacy and security when browsing the internet or accessing online services. A paid VPN service can also protect against being tracked and identify your potential location on websites that you visit. Many sites can read your IP address and, depending on their privacy settings, may display the city from which you are corresponding. A VPN will disguise your IP address to show an alternate location.
My top recommendation is ExpressVPN. It is quick and easy to set up, available in 105 countries and does not log your IP address, browsing history, traffic destination or metadata, or DNS queries.
Right now you can get 3 extra months FREE with a 12-month ExpressVPN plan. That’s just $6.67 per month, a savings of 49%! Try 30 days risk-free.
2) Have strong antivirus software: The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams.
My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.
3) Invest in personal data removal services:
A service like Incogni can help you remove all this personal information from the internet. It has a very clean interface and will scan 195 websites for your information and remove it and keep it removed.
Special for CyberGuy Readers (60% off): 175+ data brokers
4) Use strong and unique passwords: Create strong passwords for your accounts and devices, and avoid using the same password for multiple online accounts. Consider using a password manager to securely store and generate complex passwords. It will help you to create unique and difficult-to-crack passwords that a hacker could never guess. Second, it also keeps track of all your passwords in one place and fills passwords in for you when you’re logging into an account so that you never have to remember them yourself. The fewer passwords you remember, the less likely you will be to reuse them for your accounts.
5) Enable two-factor authentication: Enable two-factor authentication whenever possible. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.
6) Keep software and operating systems up-to-date: Regularly update software, applications, and operating systems to benefit from the latest security patches and vulnerability fixes, reducing the risk of exploitation by malware or cybercriminals.
Kurt’s key takeaways
Cybercriminals come up with new ways to exploit you, your data, and your electronic devices. While it’s hard to predict which new tactic they have in store, you can protect yourself by being extra careful when navigating the web, dealing with phishing calls, and clicking on links. The current cybercrime situation also teaches us not to use free VPN services, even if they sound very tempting.
Do you use a free VPN or a paid VPN service? What do you like about either of these services? Let us know in the comments below.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2024 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.