US and allies arrest alleged cybercrime ringleader, seize millions in sports cars in major Covid-19 fraud bust

A 35-year-old Chinese man has been arrested in Singapore, and millions of dollars in cars, watches and real estate have been seized as part of a blockbuster raid on a global cybercriminal network that defrauded the US government of billions of dollars, the Justice Department said Wednesday.

The Chinese man, YunHe Wang, is accused of helping assemble a vast network of infected computers, known as a botnet, that was used to carry out bomb threats, send child exploitation materials online and conduct financial fraud, among other schemes, the department alleges. Fraudsters used the botnet to submit tens of thousands of fake applications for federal relief during the coronavirus pandemic, leading to losses of about $5.9 billion, according to statements from the Departments of Justice and Treasury.

The alleged cybercriminal conduct and the lavish lifestyle it funded “reads like it’s ripped from a screenplay,” Matthew Axelrod, a senior US Commerce Department official involved in the investigation, said in a statement.

Law enforcement agents seized about $4 million worth of watches, sports cars and other luxury assets, including a Ferrari and Rolls-Royce, and $30 million in real estate properties across East Asia, the Middle East, the Caribbean and the US, Brett Leatherman, a senior FBI official, told reporters. Wang used money he earned from renting the botnet to buy property in those locations, according to an indictment unsealed in the US District Court for the Eastern District of Texas.

Authorities in Singapore and Thailand worked with the FBI on the bust, the Justice Department said.

Court records did not list an attorney for Wang. Leatherman said the US government was pursuing his extradition to the US and that an investigation into other potential suspects was ongoing.

Wang and other alleged members of the criminal network used virtual private networking (VPN) to spread their malicious code, infecting 19 million different IP addresses worldwide, including over 600,000 in the US, according to prosecutors. IP addresses are the unique numbers that correspond to individual devices on the internet.

The new charges are only the latest alleged example of opportunistic fraud that has been rampant across the US since Covid-19 emerged more than four years ago. Fraudsters pounced on opportunities to exploit the more than $2 trillion federal economic stimulus package known as the CARES Act, a 2020 law that the botnet allegedly targeted.

The problem got so bad that the Secret Service named a senior official as National Pandemic Fraud Recovery Coordinator to try to claw back some of the many billions that were stolen.

Such frauds are ongoing. The IRS said in March it had investigated tax and money laundering cases related to Covid-19 fraud potentially worth about $9 billion, with more than half that amount coming from cases opened in the last year.

For more CNN news and newsletters create an account at CNN.com