WASHINGTON: A Chinese national was arrested in Singapore in an international operation on charges of creating and using malware that was used in cyberattacks, large-scale fraud and child exploitation.
The Singapore Police Force (SPF) confirmed that Wang Yunhe, 35, was arrested in his Singapore home on May 24 for his suspected involvement in cybercriminal activities in the United States.
The arrest followed an extradition request from the United States, said SPF on Thursday (May 30), in response to CNA queries. The US has an extradition treaty with Singapore.
US officials said Wang ran a major botnet for nearly a decade.
The US Department of Justice (DOJ) quoted FBI Director Christopher Wray as saying on Wednesday that the “911 S5” botnet – a network of malware-infected computers in nearly 200 countries – was likely the world’s largest.
This botnet was said to have amassed millions in profits by selling access to these computers to criminals who used them for identity theft, child exploitation and financial fraud including pandemic relief scams.
Search warrants were executed in Singapore and Thailand, the FBI’s deputy assistant director for cyber operations, Brett Leatherman, said.
The DOJ said in a statement dated May 29 that Wang and unnamed others allegedly “created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide”.
From 2018 until Jul 2022, Wang received US$99 million from sales of the hijacked proxied IP addresses either in cryptocurrency or fiat currency, the DOJ said.
It said cybercriminals who bought access to the infected IP addresses then bypassed financial fraud detection systems and stole “billions of dollars from financial institutions, credit card issuers and federal lending programmes”.
This includes fraudulent loss exceeding US$5.9 billion from 560,000 fraudulent unemployment insurance claims originating from compromised IP addresses, said the DOJ.
The indictment says Wang used his illicit gains to purchase 21 properties in the United States, China, Singapore, Thailand, the United Arab Emirates and St Kitts and Nevis, where it said he obtained citizenship through investment.
It said Wang’s assets and properties included sports cars, more than a dozen domestic and international bank accounts, over two dozen cryptocurrency wallets and luxury watches in addition to the properties
“RIPPED FROM A SCREENPLAY”
The crimes alleged against Wang read like they are “ripped from a screenplay”, said Matthew S Axelrod, the assistant secretary for export enforcement at the US Department of Commerce’s Bureau of Industry and Security.
“A scheme to sell access to millions of malware-infected computers worldwide, enabling criminals over the world to steal billions of dollars, transmit bomb threats and exchange child exploitation materials – then using the scheme’s nearly US$100 million in profits to buy luxury cars, watches and real estate,” he said.
Officials estimated that 560,000 fraudulent unemployment insurance claims originated from compromised IP addresses.
Wang allegedly managed the botnet through 150 dedicated servers, half of them leased from US-based online service providers.
The DOJ said the operation was a multi-agency effort led by law enforcement in the US, Singapore, Thailand and Germany.
The Singapore police said on Thursday that they and the Attorney-General’s Chambers had been working on the case with the DOJ and the FBI since August 2022.
Investigations, led by the US, are ongoing, said the police.