The Justice Department says it has dismantled a botnet operation that infected millions of household computers in nearly 200 countries and enabled cybercriminals to conceal their identities while online. FBI Director Christopher Wray called it “likely the world’s largest botnet ever.”

YunHe Wang, 35, a Chinese national who allegedly led the scheme, was arrested last week and charged with conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering. He faces up to 65 years in prison if convicted.

Authorities allege that from 2014 to 2022, Wang and others deployed malware on millions of Windows-based computers. Wang then allegedly created a proxy service called 911 S5 that sold access to more than 19 million infected internet protocol addresses — more than 600,000 of them in the United States — to cybercriminals. 

911 S5 allowed the purchasers to hide their identities while they committed a host of offenses that included cyberattacks, large-scale fraud, child exploitation, harassment, bomb threats and export violations, authorities said.

Among those crimes, the Justice Department alleges 911 S5 customers are responsible for more than $5.9 billion in losses connected to fraudulent claims to U.S. pandemic relief programs, including unemployment insurance.

According to court documents, Wang disseminated the malware through virtual private network programs that he operated and pay-per-install services that included pirated version of license software of copyrighted materials.

Wang was paid about $99 million for access to the IP addresses and used that money to buy real estate in the U.S., St. Kitts and Nevis, China, Singapore, Thailand and the United Arab Emirates, the Justice Department said. Authorities said they have seized dozens of assets and properties valued at about $30 million, including a 2022 Ferrari F8 Spider S-A, a BMW i8, a BMW X7 M50d, a Rolls Royce, more than a dozen domestic and international bank accounts, and over two dozen cryptocurrency wallets. 

Authorities also took control of 20 web domains. 

The operation, which included searching residences, also included law enforcement in Singapore, Thailand and Germany.

“This case makes clear that the long arm of the law stretches across borders and into the deepest shadows of the dark web, and the Justice Department will never stop fighting to hold cybercriminals to account,” Attorney General Merrick Garland said Wednesday.