With a Massive Botnet Recently Disrupted, Let’s Review What a Botnet Is

It was very recently revealed that a global law enforcement effort took down a massive botnet that was in action for almost a decade. In light of this, we wanted to review what a botnet is and how it works, drawing from these events for some context.

Let’s begin by summarizing the situation.

A Botnet, Potentially the Biggest Ever, Was Disrupted

It has been alleged by the Justice Department that YunHe Wang, a 35-year-old national of the People’s Republic of China, created and disseminated malware that compromised millions of private Windows computers around the world and incorporated them into a massive botnet known as 911 S5. According to the indictment, Wang then provided access to the 19 million infected IP addresses to other cybercriminals, personally amassing millions of dollars.

Court documents state that Wang was able to accomplish this by offering a free virtual private network, which allowed 911 S5 users to hide their traffic behind these machines, and by bundling it with pirated software downloads. The cybercriminals that he allegedly sold this access to then used the compromised computers to commit a litany of crimes, including cyberattacks of their own, widespread fraud, online harassment, child exploitation, export violations, and bomb threats. According to the claims made in the indictment, Wang’s approximately $99 million in sales between 2018 and July of 2022 allowed him to purchase various assets around the world, including 21 pieces of property, numerous vehicles, cryptocurrency wallets, and much more.

According to the indictment, 911 S5 has also enabled the theft of billions from financial institutions, credit card issuers, and federal lending programs, as well as fraudulent claims being made to pandemic relief programs.

Law enforcement first caught wind of this operation when IP addresses purchased from 911 S5 were used with stolen credit card details to place orders on ShopMyExchange, the Army and Air Force Exchange Service’s e-commerce platform. After an international investigation, Wang has been charged with conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering. Together, these charges could bring him 65 years in prison, should he be convicted on all counts.

So, What is a Botnet?

A botnet is a collection of Internet-connected computers and other devices that are networked together and can be used to accomplish a bad actor’s goals without their owners knowing. Cybercriminals have various uses for botnets. Some will use them as the muscle behind a cyberattack, committing the computing resources of every involved device to overcoming a system’s protections. Others will use them to perform credential stuffing, which is a means of breaking into an account by trying lists of stolen usernames and passwords. Some will use them to mine for cryptocurrency.

Long story short, it’s a lot of people’s devices being used without their knowledge or permission to do something most of those people likely wouldn’t approve of.
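To show what botnet-driven credential stuffing looks like from the defending side, here is an added example (not part of the original post) that scans login records for failures spread thinly across many addresses and usernames. The log format, thresholds, and function names are assumptions made for illustration, and the sample log is constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

EPOCH = datetime(1970, 1, 1)

def build_sample_log():
    """Constructed log lines: 'timestamp source-ip username result'.
    Addresses are RFC 5737 documentation ranges, not real indicators."""
    start = datetime(2024, 6, 1, 12, 0, 0)
    lines = [
        f"{start.isoformat()} 192.0.2.10 alice OK",
        f"{(start + timedelta(seconds=5)).isoformat()} 192.0.2.11 bob FAIL",
        f"{(start + timedelta(seconds=9)).isoformat()} 192.0.2.11 bob OK",
    ]
    # Botnet-style burst: 40 addresses, each trying one username once.
    for i in range(40):
        ts = start + timedelta(minutes=10, seconds=i)
        lines.append(f"{ts.isoformat()} 198.51.100.{i + 1} user{i:03d} FAIL")
    return lines

def find_stuffing_windows(lines, window=timedelta(minutes=5),
                          min_failures=20, per_ip_limit=5):
    """Flag time windows whose failed logins are spread over many
    addresses and usernames (thresholds are assumed, tune per site)."""
    buckets = defaultdict(list)
    for line in lines:
        stamp, ip, user, result = line.split()
        if result != "FAIL":
            continue
        # Fixed-size buckets; a production rule would use a sliding window.
        age = (datetime.fromisoformat(stamp) - EPOCH).total_seconds()
        buckets[int(age // window.total_seconds())].append((ip, user))
    alerts = []
    for _, failures in sorted(buckets.items()):
        if len(failures) < min_failures:
            continue
        per_ip = Counter(ip for ip, _ in failures)
        alerts.append({
            "failures": len(failures),
            "distinct_ips": len(per_ip),
            "distinct_users": len({user for _, user in failures}),
            # True when no single address would trip a per-IP lockout.
            "evades_per_ip_limit": max(per_ip.values()) <= per_ip_limit,
        })
    return alerts

if __name__ == "__main__":
    for alert in find_stuffing_windows(build_sample_log()):
        print(alert)
```

The flagged window has each address failing only once, which is why a lockout rule keyed on the source address alone never fires against traffic routed through a botnet.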

What Can We Learn from this Situation?

First and foremost, always, always, always download any software from a legitimate and verifiable source. It’s good to remember that nothing is ever free… you’ll always pay for it in some way, shape, or form. In the case of all the people who used the “free” VPN, they paid for it by having their devices co-opted for cybercriminal activity.

If you are one of these people, it is important that you remove the applications installed by 911 S5, a process the FBI has provided some guidance on.

Second, 911 S5 is relevant enough that it bears bringing up the dangers of shadow IT in a business. While it was targeted at personal users and computers, is it really that hard to think that one of your team members might have installed it or something similar? You need to know that your team will not just go and install things on their own computers, and that they’ll turn to IT for help in obtaining what they need. 

Otherwise, they run the risk of installing pirated or cracked software (software with its copy protections removed), which can very easily cause both operational and legal troubles for your business… and that’s without taking the potential of being part of a botnet into account.

If you need an IT resource for your team to turn to, we’re here to help. White Mountain IT Services helps New Hampshire businesses with all things information technology, and we do it in such a way that, ideally, you won’t even know we’re there. Give us a call at (603) 889-0800 today to learn more.
