How Free VPNs Aid Cybercrime: Inside the 911 S5 Scandal

Apparently, it’s possible for anyone using a VPN connection to unknowingly help in committing cybercrime! This concept is similar to what we typically see in a thrilling movie about hacking or other internet-based crimes.

However, it was not just a story.

This happened to the users of two free VPN services called MaskVPN and DewVPN. These services were made by a residential proxy service named 911 S5, which could offer more than 19 million residential IP addresses. The cybercriminals rented these IPs from them in order to cover their illegal actions such as COVID-19 aid scams or bomb threats with an intention of extorting money from innocent targets.

Things get more interesting with the US Treasury Department, as they put sanctions on three Chinese individuals connected to this evil plan. They were not just small players; instead, they created a VPN-driven botnet that transformed normal users’ devices into proxy servers without their consent. This configuration was very complex – it made the botnet difficult to dismantle and comprehend fully.

This is how it functioned: MaskVPN and DewVPN, in a manner similar to other genuine VPNs, linked your gadget to a server to conceal your true IP address. However, the fascinating part was that they simultaneously created an indirect connection with a botnet command-and-control server. This suggested that while you believed you were merely watching episodes of your most liked series or going through social media updates, your device was actually being used as a pathway for online criminal activities.

The University of Sherbrooke researchers were the first to express concern about this earlier 911 S5 service. Their study prompted KrebsOnSecurity’s investigation and they discovered one person connected with it, Yunhe Wang from Beijing. Alongside Wang, there were two other people who got penalties for laundering money that came from this cybercrime network and working on his behalf for different transactions like buying luxurious property.

The Treasury not only targeted people from other nations but also applied sanctions on businesses in Thailand that were involved in this operation. This shows how far-reaching this network of cybercrime can be worldwide. The sanctions dictate that any possessions these people or businesses possess within the US have now been immobilized and need to be reported.

This action from the Treasury highlights a rising worry about cyber criminals utilizing residential proxy networks. These types of networks make it more difficult to track and halt cyberattacks, as they cloak harmful activities under the appearance that they originate from normal people’s computers. It is a clear sign for everyone to become more careful with their digital tools, especially those that offer services for free. Finally, if it’s free, maybe you are paying in a different manner.

That’s why we advise you to be careful when using free VPNs.