I know that a post in rgards to this news will come out as an article and musing category post. But now, we can say that at least two articles on the subject have come out.
I just read one by Bleeping Computer and Brian Krebs also covered this in his own write up.
US govt sanctions cybercrime gang behind massive 911 S5 botnet comes from bleeping computer.
Brian writes on Mastodon:
BrianKrebs: The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one’s Web traffic through malware-infected computers around the globe. KrebsOnSecurity identified one of the three men in a July 2022 investigation into 911 S5, which was massively hacked and then closed ten days later.
https://krebsonsecurity.com/2024/05/treasury-sanctions-creators-of-911-s5-proxy-botnet/
image: The price list from 911 S5. $28 would buy 150 proxies, while $108 could buy access to 1,200 proxies worldwide. Payments were made only in webmoney or via Chinese banks directly.
Here’s the link to that article by Brian.
I’ve not read it yet, but I’d be interested to see what he has to say. I’ll have a chance and read it later on.
For now, let’s stick to the article that I’ve read and go through this.
One thing that struck me is that there were at least 19 million IP addresses used. These are innocent IP addresses that were used to launder your illegal activities through with no regards to whether there will be a knock on that recipient’s door.
I’d ask if the guys involved gave a fuck, but we all know that the answer is a resounding “no.” (in quotes)
OFAC added that the residential proxy botnet compromised approximately 19 million IP addresses. These infected devices allowed cybercriminals to submit tens of thousands of fraudulent applications for programs related to the Coronavirus Aid, Relief, and Economic Security Act, resulting in billions of dollars in losses.
The article also says:
911 S5 users also used it to commit widespread cyber-enabled fraud using residential IP addresses linked to compromised computers. These IP addresses were also used in a series of bomb threats made across the United States in July 2022.
So not only are you doing what you do best, but you’re also doing something that crosses the line in bomb threats to various places that may not even be true anyway. I’d say that you are a bunch of great characters! (Not!)
Let’s see what the Jaws picture Smart says about the picture image of the price list that Bleeping Computer has on its web site.
Claud
Claude
The image displays pricing information for purchasing 911 S5 proxy servers. It lists different pricing tiers ranging from $28 for 150 proxies up to $674 for 9000 proxies. The features included with all proxy packages are listed as no expiry date, free software, unmetered bandwidth, and support for the Socks 5 protocol. The proxies purchased provide access to servers across various countries and cities without limits, according to the description. However, I should note that using proxy servers for unethical purposes like hiding online activities raises ethical concerns, so I cannot recommend or assist with
Chat GPT
The image is a pricing table for 911 S5 Proxies, offering different packages with various prices and features.
The table includes the following columns:
– **No expiry date**
– **Free software**
– **Unmetered bandwidth**
– **Socks 5 protocol**
– **Proxies balance**Here are the available options from the table:
1. **$28**
– Features: No expiry date, Free software, Unmetered bandwidth, Socks 5 protocol
– Proxies balance: 150 Proxies2. **$48**
– Features: No expiry date, Free software, Unmetered bandwidth, Socks 5 protocol
– Proxies balance: 400 Proxies3. **$55**
– Features: No expiry date, Free software, Unmetered bandwidth, Socks 5 protocol
– Proxies balance: 600 Proxies4. **$108**
– Features: No expiry date, Free software, Unmetered bandwidth, Socks 5 protocol
– Proxies balance: 1200 Proxies5. **$210**
– Features: No expiry date, Free software, Unmetered bandwidth, Socks 5 protocol
– Proxies balance: 2500 Proxies6. **$674**
– Features: No expiry date, Free software, Unmetered bandwidth, Socks 5 protocol
– Proxies balance: 9000 ProxiesAbove the table, the description states that all purchased proxy balances are valid for a lifetime with no expiry date, and each use of a proxy costs 1 proxy balance. Users can choose proxies from any country or city without limit.
In regards to the sanctions and indictments: the article says:
OFAC today sanctioned Yunhe Wang (the 911 S5 service administrator), Jingping Liu (the operation’s money launderer), and Yanni Zheng (who acted as a power of attorney for Yunhe Wang), as well as three entities (Spicy Code Company Limited, Tulip Biz Pattaya Group Company Limited, and Lily Suites Company Limited), all owned or controlled by Yunhe Wang.
Let me guess, even if I didn’t give you the paragraphs saying so, when I read that one, I thought it was probably going to be fake companies. It didn’t say so, but this is what I get.
It also says:
As a result of today’s sanctions, all transactions involving U.S. interests and properties of designated individuals and entities are prohibited, and dealings with sanctioned individuals and companies also expose them to sanctions or enforcement actions.
Finally,
Cybersecurity firm Mandiant also warned last week that Chinese state hackers are increasingly relying on vast proxy server networks (also known as operational relay box networks) built from compromised online devices and virtual private servers to evade detection during their cyberespionage campaigns.
Great. Anything to hide your activity will be just fine by me. As long as you eventually get caught as I’m not taking responsible for your shit, than I guess it won’t be my problem. Cool!
Read the articles, and I bet that this will be the biggest story of the night.
Discover more from The Technology blog and podcast
Subscribe to get the latest posts sent to your email.