Chinese National Charged With Stealing an Eye-Popping $5.9 Billion in COVID Relief Funds

AP Photo/Alex Brandon, File

This is truly a remarkable story of theft on an almost unimaginable scale.

YunHe Wang, a 35-year-old Chinese national, created a "botnet" called “911 S5” from about 150 servers worldwide, including some in the U.S., according to the indictment. CNBC reports that from 2014 to 2022, "The botnet hacked into over 19 million IP addresses in nearly 200 countries, the DOJ announcement said. About 614,000 IP addresses were in the U.S., according to the indictment."


FBI Director Christopher Wray said it is “likely the world’s largest botnet ever.”  

CNBC describes a "botnet" as "a kind of malware that connects a network of hacked devices, which criminals can then use remotely to launch cyberattacks." The FBI has supplied a link to a website that will help individuals identify if they've been targeted and how to clear the malware if they are.

“The conduct alleged here reads like it’s ripped from a screenplay,” said Assistant Secretary for Export Enforcement Matthew S. Axelrod of the Commerce Department.

“What they don’t show in the movies though is the painstaking work it takes by domestic and international law enforcement, working closely with industry partners, to take down such a brazen scheme and make an arrest like this happen,” he added.

The arrest comes a day after Treasury Department sanctioned Wang and two others for their alleged involvement with 911 S5. Treasury also imposed sanctions on three companies that Wang owned or controlled: Spicy Code Company Limited, Tulip Biz Pattaya Group Company Limited, and Lily Suites Company Limited.

Wang is facing a maximum 65-year prison sentence with four criminal counts: conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud and conspiracy to commit money laundering. 

The charges come as U.S. law enforcement agencies try to update protocols to keep up with more sophisticated cybersecurity threats.


“This Justice Department-led operation brought together law enforcement partners from around the globe to disrupt 911 S5, a botnet that facilitated cyber-attacks, large-scale fraud, child exploitation, harassment, bomb threats, and export violations,” said Attorney General Merrick B. Garland. “As a result of this operation, YunHe Wang was arrested on charges that he created and operated the botnet and deployed malware. This case makes clear that the long arm of the law stretches across borders and into the deepest shadows of the dark web, and the Justice Department will never stop fighting to hold cybercriminals to account.”

911 S5 customers allegedly targeted certain pandemic relief programs. For example, the United States estimates that 560,000 fraudulent unemployment insurance claims originated from compromised IP addresses, resulting in a confirmed fraudulent loss exceeding $5.9 billion. Additionally, in evaluating suspected fraud loss to the Economic Injury Disaster Loan (EIDL) program, the United States estimates that more than 47,000 EIDL applications originated from IP addresses compromised by 911 S5. Millions of dollars more were similarly identified by financial institutions in the United States as loss originating from IP addresses compromised by 911 S5.


That's a nice chunk of pandemic relief change that the government has uncovered. They're not going to get much of it back, but at least now Biden can claim that some of the crimes have been "solved." You have to wonder if any more botnets found it much too easy to steal from the government.


Trending on PJ Media Videos

Join the conversation as a VIP Member