Treasury Department Says Botnet Users Committed Fraud, Made Bomb Threats
The U.S. Department of the Treasury sanctioned a Chinese national for his role in directing the 911 S5 botnet, which uses hacked residential computers as proxies and is often used to commit fraud.
The department’s Office of Foreign Assets Control said an investigation into network infrastructure and virtual private networks used by botnet operators revealed Yunhe Wang as the primary administrator.
The office also sanctioned Jinping Liu, who it accused of laundering criminally derived proceeds. Also under sanctions is Yanni Zheng, a business agent for Wang. Treasury also listed three companies based in Thailand under Wang’s control – Spicy Code Co. Ltd., Tulip Biz Pattaya Group Co. Ltd. and Lily Suites Co. Ltd.
Criminals have used the botnet – consisting of 19 million IP addresses – to submit “tens of thousands of fraudulent applications” for coronavirus and economic stimulus funds, Treasury said. Users of 911 S5 also used the botnet to anonymously spread bomb threats in July 2022 – a period during which college campuses experienced a surge in such threats.
Hackers prize residential proxies since they provide a trusted node for entering the wider internet. Computer owners whose devices are compromised typically have no knowledge that their residential IP address is being used for fraud or to make threats. The botnet 911 S5 “essentially enables cybercriminals to conceal their originating location, effectively defeating fraud detection systems,” Treasury said.
Liu allegedly converted cryptocurrency payments from botnet users into U.S. dollars through over-the-counter vendors that wired and deposited the funding into bank accounts held by him. Zheng allegedly served as power of attorney for Wang and Spicy Code Co. Ltd., participating in numerous transactions and payments and purchasing real estate, including a luxury beachfront condominium in Thailand, on behalf of Wang.
The sanctions come after Treasury recently announced the first-ever U.S. sanctions against a commercial spyware entity used to target government officials, journalists and policy experts (see: US Announces First-Ever Sanctions Against Commercial Spyware).