Chinese national, suspected of helping to create & operate 'world's largest botnet', arrested in S'pore

The SPF and AGC contributed to an international operation that seized over US$30 million in assets.

Iain Tan | June 01, 2024, 10:26 AM

An international law enforcement operation led by the United States (U.S.) Department of Justice (DOJ), with assistance from Singapore's Attorney-General's Chambers (AGC) and the Singapore Police Force (SPF), has successfully targeted and "dismantled" a major botnet used to commit large-scale fraud, bomb threats, and other cybercrimes.

In a press release dated May 29, the DOJ described the operation as a "coordinated multiagency effort" that involved law enforcement agencies from the U.S., Singapore, Thailand, and Germany.

A Chinese national, alleged to have helped create and operate the botnet, was arrested in Singapore as part of the effort.

How the alleged cybercrimes were committed

IT service management company Cloudflare describes a botnet as "a group of computers which have been infected by malware and have come under the control of a malicious actor".

The subject of the DOJ's operation was one such botnet known as 911 S5.

The DOJ said that law enforcement had arrested a 35-year-old man by the name of Yunhe Wang, who was allegedly 911 S5's administrator.

Wang, a People’s Republic of China national and a St. Kitts and Nevis citizen-by-investment, allegedly created and disseminated malware by "bundling" it with other program files, including "pirated versions of licensed software or copyrighted materials".

Anyone who downloaded the malware allegedly gave Wang access to their computers inadvertently.

Wang was then allegedly able to amass a network of millions of infected computers worldwide, associated with more than 19 million unique IP addresses.

Wang then allegedly offered cybercriminals access to these infected IP addresses for a fee, raking in millions of dollars.

World's largest botnet

Federal Bureau of Investigation (FBI) Director Christopher Wray described 911 S5 as "likely the world's largest botnet ever", adding that it had "infected computers in nearly 200 countries" and "facilitated a whole host of computer-enabled crimes, including financial frauds, identity theft, and child exploitation".

911 S5 enabled cybercriminals to "conceal their true originating IP addresses" and anonymously commit cybercrimes.

According to the DOJ, these crimes included "financial crimes, stalking, transmitting bomb threats and threats of harm, illegal exportation of goods, and receiving and sending child exploitation materials".

Arrested in Singapore

An SPF spokesman told the Straits Times on May 30: “The police and Attorney-General’s Chambers have been working with the DOJ and Federal Bureau of Investigation (FBI) since August 2022.

On May 24, 2024, the police launched an operation to arrest Wang at his residence.”

The spokesman added that the U.S. authorities had made an extradition request for Wang after the arrest.

The U.S. has an extradition treaty with Singapore.

The anti-cybercrime operation

Officers across the globe seized assets valued at approximately US$30 million (S$40.6 million), and "identified additional forfeitable property" valued at approximately US$30 million (S$40.6 million).

The operation also seized 23 domains and over 70 servers that made up the "backbone" of the botnet.

The SPF has been notably beefing up anti-cybercrime efforts lately, such as by announcing a new anti-cybercrime scheme for NSFs and stepping up enforcement operations.

The Straits Times reported that Wang was appointed as director in two firms: Gold Click, a holding company, and Universe Capital Management, a management consultancy firm, according to Singapore's business registry.

He was also the sole shareholder in Eternal Code, a now-defunct wholesaler of computer software.

Wang had numerous assets in Singapore, such as a Singapore-registered 2022 Ferrari F8 Spider, bank accounts with CIMB Bank and Citibank Singapore, a condominium unit in Angullia Park, and luxury watches.

The DOJ said that these and other assets may be seized.

Said Attorney-General Merrick Garland: "This case makes clear that the long arm of the law stretches across borders and into the deepest shadows of the dark web, and the Justice Department will never stop fighting to hold cybercriminals to account."

Wang has been charged with conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering.

According to the DOJ, Wang could face a maximum penalty of 65 years in prison.

Top collage via United States Department of Justice/Facebook and Singapore Police Force/Facebook