The Exploitation of a “Free VPN” Service Unveiled: A Shocking Revelation
Hackers exploited a “Free VPN” service to build a massive fraud botnet that has drawn the attention of US authorities. The operation has not only disrupted online services but has also triggered sanctions by the United States. This article explores how hackers used the disguise of a free VPN to take part in fraudulent activities and the consequences they now face.
The US Treasury Department has imposed sanctions on the individuals behind the infamous 911 S5 botnet hacking operation. This malevolent network of compromised residential computers served as a crucial tool for cybercriminals seeking to conceal their activities. The Treasury’s Office of Foreign Assets Control (OFAC) has identified three individuals – Yunhe Wang, Jingping Liu, and Yanni Zheng – as the masterminds behind the 911 S5 botnet operation. Additionally, three Thailand-based companies owned by Wang, which were involved in laundering the proceeds of criminal endeavors, have been blacklisted.
The 911 S5 was essentially a vast network of hacked computers that cybercriminals could rent to obfuscate their true intentions and identities online. By utilizing these compromised residential IP addresses, criminals could make it appear as though their malicious actions originated from an innocent victim’s device rather than their own.
A detailed investigation conducted by security firm KrebsOnSecurity in 2022 revealed that since 2015, 911 S5 had expanded its extensive proxy network by offering seemingly harmless “free” VPN services that surreptitiously enlisted users’ Windows PCs to route illicit traffic. The network’s broad reach of compromised systems near potential targets made it an attractive option for cybercriminals seeking a final hop from which to carry out various online frauds and heists.
According to the US Treasury, a staggering 19 million IP addresses were ensnared globally by the botnet. Its users submitted tens of thousands of fraudulent applications for pandemic relief funds, such as the Coronavirus Aid, Relief, and Economic Security Act programs, defrauding the US government of billions. Furthermore, the network’s hijacked IP addresses were implicated in a series of bomb threat hoaxes across the nation in July 2022.
Yunhe Wang emerged as the primary administrator overseeing 911 S5, as indicated by data from network providers utilized by the botnet. The virtual currency payments from the botnet’s criminal users were converted to US dollars by Liu and subsequently laundered through bank accounts in her name. These funds were used to acquire luxury real estate properties for Wang.
Zheng played a pivotal role in facilitating many of these illicit transactions, holding Wang’s power of attorney and acting as Wang’s legal advisor through his company, Interesting Code. Zheng engaged in commercial transactions, made payments, and acquired real estate, such as a beachfront Thai condominium, on Wang’s behalf.
All three individuals sanctioned – Wang, Liu, and Zheng – are Chinese nationals, while the three blacklisted companies are based in Thailand. The crackdown was a coordinated effort involving the FBI, Defense Criminal Investigative Service, the Commerce Department’s export enforcement division, and law enforcement partners in Singapore and Thailand.