Is Your Computer Part of 'The Largest Botnet Ever?'

The Cloud Router homepage, which was seized by the FBI this past weekend.
Cloud Router was previously called 911 S5. On May 24, authorities in Singapore arrested the alleged creator and operator of 911 S5, a 35-year-old Chinese national named YunHe Wang.
In a statement on his arrest today, the DOJ said 911 S5 enabled cybercriminals to bypass financial fraud detection systems and steal billions of dollars from financial institutions, credit card issuers, and federal lending programs.
The government estimates that 560,000 fraudulent unemployment insurance claims originated from compromised Internet addresses, resulting in a confirmed fraudulent loss exceeding $5.9 billion.
911's VPN performed largely as advertised for the user - allowing them to surf the web anonymously - but it also quietly turned the user's computer into a traffic relay for paying 911 S5 customers.
Namely, the ability to route one's malicious traffic through a computer that is geographically close to the consumer whose stolen credit card is about to be used, or whose bank account is about to be emptied.
28 would let users cycle through 150 proxies on this popular service.
KrebsOnSecurity first identified Mr. Wang as the proprietor of the popular service in a deep dive on 911 S5 published in July 2022.
Ten days later, 911 S5 closed up shop, claiming it had been hacked.
Experts soon tracked the reemergence of the proxy network by another name: Cloud Router.
The announcement of Wang's arrest came less than 24 hours after the U.S. Department of the Treasury sanctioned Wang and two associates, as well as several companies the men allegedly used to launder the nearly $100 million in proceeds from 911 S5 and Cloud Router customers.
Cloud Router's homepage now features a notice saying the domain has been seized by the U.S. government.
The DOJ says it worked with authorities in Singapore, Thailand and Germany to search residences tied to the defendant, and seized approximately $30 million in assets.
Those assets included a 2022 Ferrari F8 Spider S-A, a BMW i8, a BMW X7 M50d, a Rolls Royce, more than a dozen domestic and international bank accounts, over two dozen cryptocurrency wallets, several luxury wristwatches, and 21 residential or investment properties.
The government says Wang is charged with conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering.
If convicted on all counts, he faces a maximum penalty of 65 years in prison.
Brett Leatherman, deputy assistant director of the FBI's Cyber Division, said the DOJ is working with the Singaporean government on extraditing Wang to face charges in the United States.
Leatherman encouraged Internet users to visit a new FBI webpage that can help people determine whether their computers may be part of the 911 S5 botnet, which the government says spanned more than 19 million individual computers in at least 190 countries.


This Cyber News was published on krebsonsecurity.com. Publication date: Wed, 29 May 2024 19:30:16 +0000

