Singapore Police Force (SPF) has arrested a 35-year-old Chinese national in an international operation on charges of creating and using malware that was used in cyberattacks, large-scale fraud and child exploitation.
The SPF confirmed that Wang Yunhe was arrested on May 24 from his Singapore home for his suspected involvement in cybercriminal activities in the United States.
On Thursday, SPF told CNA that the arrest was followed by an extradition request from the United States. The US has an extradition treaty with Singapore.
Search Warrants Executed in Singapore and Thailand
According to the US officials, Wang ran a major botnet for nearly a decade. The US Department of Justice (DOJ) quoted FBI Director Christopher Wray as saying on Wednesday that the "911 S5" botnet – a network of malware-infected computers in nearly 200 countries – was likely the world's largest.
Reports claimed that this botnet was said to have amassed millions in profits by selling access to these computers to criminals who used them for identity theft, child exploitation and financial fraud including pandemic relief scams.
FBI's deputy assistant director for cyber operations, Brett Leatherman, said that search warrants were executed in Singapore and Thailand.
"Created and Disseminated Malware"
The DOJ statement, dated May 29, said that Wang and unnamed others allegedly "created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide". It said, Wang received $99 million from sales of the hijacked proxied IP addresses either in cryptocurrency or fiat currency, within a time frame of 2018 and July 2022.
As per DOJ, cybercriminals who bought access to the infected IP addresses then bypassed financial fraud detection systems and stole "billions of dollars from financial institutions, credit card issuers and federal lending programmes".
This includes fraudulent loss exceeding $5.9 billion from 560,000 fraudulent unemployment insurance claims originating from compromised IP addresses, stated the DOJ.
The indictment says Wang used his illicit gains to purchase 21 properties in the United States, China, Singapore, Thailand, the United Arab Emirates and St Kitts and Nevis, where it said he obtained citizenship through investment.
Wang's Assets Included Luxurious Cars, Watches and More
According to the statement, Wang's assets and properties included expensive sports cars, more than a dozen domestic and international bank accounts, over two dozen cryptocurrency wallets and luxury watches in addition to the properties
Matthew S Axelrod, the assistant secretary for export enforcement at the US Department of Commerce's Bureau of Industry and Security, said the crimes alleged against Wang read like they are "ripped from a screenplay".
He added, "A scheme to sell access to millions of malware-infected computers worldwide, enabling criminals over the world to steal billions of dollars, transmit bomb threats and exchange child exploitation materials – then using the scheme's nearly US$100 million in profits to buy luxury cars, watches and real estate."
Investigations On
Officials estimated that 560,000 fraudulent unemployment insurance claims originated from compromised IP addresses.
Wang allegedly managed the botnet through 150 dedicated servers, half of them leased from US-based online service providers.
The DOJ said the operation was a multi-agency effort led by law enforcement in the US, Singapore, Thailand and Germany.
On Thursday, the Singapore police said that they and the Attorney-General's Chambers had been working on the case with the DOJ and the FBI since August 2022. The police said that the investigations, led by the US, are ongoing.
