US arrests man allegedly behind enormous botnet that enabled cyberattacks and fraud

The DOJ alleges the botnet infected more than 19 million IP addresses worldwide.

It’s a scheme that “reads like it’s ripped from a screenplay,” according to one Commerce Department official. Thirty-five-year-old Chinese national YunHe Wang allegedly helped run an international botnet that deployed VPN programs to infect more than 19 million IP addresses around the world.

After distributing malware through programs such as MaskVPN and DewVPN, Wang allegedly operated the botnet and sold access to the compromised IP addresses, according to the Department of Justice. The department says his customers then went on to commit their own crimes under the concealment of the proxied addresses.

The botnet, known as 911 S5, “facilitated cyber-attacks, large-scale fraud, child exploitation, harassment, bomb threats, and export violations,” according to a statement from Attorney General Merrick Garland. The US worked with international partners to dismantle the operation, which infected computers in almost 200 countries, according to Federal Bureau of Investigation Director Christopher Wray.

The scheme sold access “to millions of malware-infected computers worldwide, enabling criminals over the world to steal billions of dollars, transmit bomb threats, and exchange child exploitation materials,” said Matthew S. Axelrod, Commerce Department Bureau of Industry and Security assistant secretary for export enforcement. The scheme’s $100 million in profits were allegedly then used to “buy luxury cars, watches, and real estate.”

The scheme allegedly operated between 2014 and July 2022.

Compromised computers allegedly were used to conduct a host of other crimes, including defrauding pandemic relief programs. The DOJ alleges that an estimated 560,000 fraudulent insurance claims came from compromised IP addresses, for example, leading to more than $5.9 billion in fraudulent losses.

The Treasury Department on Tuesday announced sanctions against Wang and two other Chinese nationals for their alleged roles in the botnet, prohibiting transactions with them or their designated organizations.

Wang faces up to 65 years in prison if convicted on all counts, which include charges of substantive computer fraud and conspiracy to commit money laundering, according to the DOJ.