Online Fraud - Police Agencies Recover Stolen $Millions

US and EU law enforcement agencies have separately announced major take-downs of cyber crime networks that had defrauded people of $billions. 

Law enforcement agencies in Singapore and Thailand, as well as Microsoft, were amongst the organisations that helped with the investigation. 

Both the US Department of Justice (DoJ) and Europol each claimed their operations were the biggest bust of a botnet in the world and the DoJ said Mr Wang is accused of using a botnet to hack into more than 19 million devices across almost 200 countries. 

A court-authorised international law enforcement operation led by the US Justice Department disrupted a botnet used to commit cyber attacks, large-scale fraud, child exploitation, harassment, bomb threats, and export violations. The US has arrested a 35-year-old Chinese national YunHe Wang and seized assets including an expensive sports car, luxury watches and 21 properties. The Chinese man, YunHe Wang, is accused of helping assemble a vast network of infected computers, known as a botnet, that was used to carry out bomb threats, send child exploitation materials online and conduct financial fraud, amongst other schemes. The DoJ said Mr Wang is accused of using a botnet to hack into more than 19 million devices across almost 200 countries. 

Cyber criminals used the botnet to submit tens of thousands of fraudulent applications for US federal relief  during  the Covid pandemic, costing an estimated $20 million.

Meanwhile, Europol has made four arrests they also said that 8 criminals are now on the run and they will be added to European police forces' "most wanted" list. Cyber criminals use so-called botnets to take over peoples' computers and install malicious software. This software can then be used to collect data from a computer, send spam or even delete person data without the owner's knowledge. 

Nicole Argentieri, principal deputy assistant attorney general at the DOJ commented "Wang created malware that compromised millions of residential computers around the world and then sold access to the infected computers to cyber criminals." She said criminals used this access to conceal their identity and "anonymously commit a wide array of offenses". These include fraud, child exploitation and harassment, and bomb threats. 

It is estimated that more than 500,000 fraudulent unemployment insurance claims were sent from computers under his control, resulting in a loss of more than $5.9bn (£4.6bn). 

The DOJ accused Mr Wang of using the proceeds to buy $60m worth of luxury assets, and said it had seized a Ferrari, a Rolls-Royce, two BMWs and several watches, as well as bank accounts and crypto-currency wallets. He also bought property in the US, St Kitts and Nevis, China, Singapore, Thailand and the United Arab Emirates, it said. Mr Wang has been charged with conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud and conspiracy to commit money laundering.  If convicted on all counts, he faces a maximum penalty of 65 years in prison. 

Europol said it had arrested the ringleaders of several cybercrime networks that used botnets. It has made arrests in Armenia and Ukraine and taken down servers across the world including in the UK, the US and Germany. More than 2,000 websites are now controlled of European law enforcement agencies.

Europol said one of the main suspects had made more than €69 million (£58m) in crypto-currency using ransomware, installing software that makes it impossible for a person to access their computer unless they pay a fee.  The malicious software got on peoples' devices mainly through through phishing attempts - such as the kind of emails people are advised not to click on - and compromised websites.  

Europol said the investigate, named Operation Endgame, is ongoing and it has plans for future arrests with further police action are to  be announced. 

DoJ   |   Europol |   BBC   |   CNN   |    AU.News   |    AoL   |    ABC  

Image: Europol

You Might Also Read: 

LockBit Resurrection:

DIRECTORY OF SUPPLIERS - Fraud Detection & Prevention:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Telecoms - Beware Of The DDoS Threat Actor
Email Encryption: What It Is & How It Works »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Graphus

Graphus

Graphus provides a simple, powerful, automated solution that eliminates 99% of social engineering and spear phishing attacks against G Suite business Gmail users.

NovaTech Automation

NovaTech Automation

NovaTech products and services make the world’s power grids and essential process industries more reliable, efficient, sustainable and secure.

Dubai Electronic Security Center (DESC)

Dubai Electronic Security Center (DESC)

Dubai Electronic Security Center (DESC) was founded to develop and implement information security practices in Dubai.

Cask Government Services

Cask Government Services

Cask Government Services focuses on program management, cybersecurity, logistics, business analysis and engineering services for Federal, State and Local Government.

DeepCyber

DeepCyber

DeepCyber supports its customers, with an “intelligence-driven” approach, to improve their proactive detection and response "capability" of cyber threats.

Extreme Protocol Solutions (EPS)

Extreme Protocol Solutions (EPS)

Extreme Protocol Solutions is an industry leading Data Sanitization Software, Hardware and Onsite Service Provider.

C11 Cyber Security & Digital Innovation Centre

C11 Cyber Security & Digital Innovation Centre

C11 is working with local and national partners to develop talent and bring brilliant minds and brilliant businesses together.

Axxum Technologies

Axxum Technologies

Axxum Technologies is a premier provider of Network Communications and Information Technology Security Solutions.

FireCompass

FireCompass

FireCompass SAAS platform helps CISOs & Security Teams in continuous risk assessment by mapping your attack surface and knowing the “unknown unknowns”.

MyDocSafe

MyDocSafe

MyDocSafe is an all-in-one document security and e-sign software.

Hyperion Gray

Hyperion Gray

Hyperion Gray are a small research and development team focused on innovative work in a variety of areas including Software & Security Research, Penetration Testing, Incident Response, and Red Teaming

Exium

Exium

At Exium we’ve integrated networking and security in a cloud-delivered Zero Trust platform powered by 5G and open source.

Ontinue

Ontinue

Ontinue ION is an MXDR service that provides Nonstop SecOps through five key capabilities that enable your organization to respond to attacks and continuously reduce risk.

CypherEye

CypherEye

CypherEye is a next generation trust platform that advances the current state of Multi-factor Authentication (MFA) to enable highly secure, private and auditable cyber-transactions.

CUBE3 AI

CUBE3 AI

CUBE3.AI is a web3 security platform that provides real-time transaction protection for smart contracts, safeguarding against cyber exploits, fraud, and compliance risks.

Tracebit

Tracebit

Tracebit uses decoys to detect and respond to cloud intrusions in minutes.