With a Massive Botnet Recently Disrupted, Let’s Review What a Botnet Is

It was very recently revealed that a global law enforcement effort took down a massive botnet that was in action for almost a decade. In light of this, we wanted to review what a botnet is and how it works, drawing from these events for some context.

Let’s begin by summarizing the situation.

A Botnet, Potentially the Biggest Ever, Was Disrupted

It has been alleged by the Justice Department that YunHe Wang, a 35-year-old national of the People’s Republic of China, created and disseminated malware that compromised millions of private Windows computers around the world and incorporated them into a massive botnet known as 911 S5. According to the indictment, Wang then provided access to the 19 million infected IP addresses to other cybercriminals, personally amassing millions of dollars.

Court documents state that Wang was able to accomplish this by offering a free virtual private network—allowing 911 S5 users to hide their traffic behind these machines—and by bundling it with pirated software downloads. The cybercriminals that he allegedly sold this access to then used the compromised computers to commit a litany of crimes, including cyberattacks of their own, widespread fraud, online harassment, child exploitation, export violations, and bomb threats. According to the claims made in the indictment, Wang’s approximately $99 million in sales between 2018 and July of 2022 allowed him to purchase various assets around the world, including 21 pieces of property, numerous vehicles, cryptocurrency wallets, and much more.

According to the indictment, 911 S5 has also enabled the theft of billions from financial institutions, credit card issuers, and federal lending programs, as well as fraudulent claims being made to pandemic relief programs.

Law enforcement first caught wind of this operation when IP addresses purchased from 911 S5 were used with stolen credit card details to place orders on ShopMyExchange, the Army and Air Force Exchange Service’s e-commerce platform. After an international investigation, Wang has been charged with conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering… all of which could result in a sentence of 65 years in prison, should he be convicted on all counts.

So, What is a Botnet?

A botnet is a collection of Internet-connected computers and other devices that are networked together and can be used to accomplish a bad actor’s goals without their owners knowing. Cybercriminals have various uses for botnets. Some will use them as the muscle behind a cyberattack, committing the computing resources of every involved device to overcoming a system’s protections. Others will use them to perform credential stuffing, which is a means of breaking into an account by trying lists of stolen usernames and passwords. Some will use them to mine for cryptocurrency.

Long story short, it’s a lot of people’s devices being used without their knowledge or permission to do something most of those people likely wouldn’t approve of.

What Can We Learn from this Situation?

First and foremost, always, always, always download any software from a legitimate and verifiable source. It’s good to remember that nothing is ever free… you’ll always pay for it in some way, shape, or form. In the case of all the people who used the “free” VPN, they paid for it by having their devices co-opted for cybercriminal activity.

If you are one of these people, it is important that you remove the applications installed by 911 S5, for which the FBI has provided some guidance.

Second, 911 S5 is relevant enough that it bears bringing up the dangers of shadow IT in a business. While it was targeted at personal users and computers, is it really that hard to think that one of your team members might have installed it or something similar? You need to know that your team will not just go and install things on their own computers, and that they’ll turn to IT for help in obtaining what they need. 

Otherwise, they run the risk of installing pirated or cracked software (software with its copy protections removed), which can very easily cause both operational and legal troubles for your business… and that’s without taking the potential of being part of a botnet into account.

If you need an IT resource for your team to turn to, we’re here to help. White Mountain IT Services helps New Hampshire businesses with all things information technology, and we do it in such a way that, ideally, you won’t even know we’re there. Give us a call at (603) 889-0800 today to learn more.
