The US and Europe have separately announced major takedowns of cybercrime networks that defrauded people of billions.
The US has arrested Chinese national YunHe Wang and seized assets including a Ferrari, luxury watches and 21 properties.
While Europol, Europe’s crime agency, has made four arrests but said eight fugitives are on the run. They will be added to Europe’s “most wanted” list.
Both the US Department of Justice (DoJ) and Europol each claimed their operations were the biggest bust of a “botnet” in the world.
Cybercriminals use so-called botnets to take over peoples’ computers and install malicious software.
This software can then be used to collect data from a computer, send spam or even delete personal data without the owner’s knowledge.
The DoJ said Mr Wang is accused of using a botnet to hack into more than 19 million devices across almost 200 countries.
Nicole Argentieri, principal deputy assistant attorney general, said: “Wang created malware that compromised millions of residential computers around the world and then sold access to the infected computers to cybercriminals.”
She said criminals used this access to conceal their identity and “anonymously commit a wide array of offenses”. These include fraud, child exploitation and harassment – and even bomb threats.
It also estimated that more than 500,000 fraudulent unemployment insurance claims were sent from computers under his control, resulting in a loss of more than $5.9bn (£4.6bn).
The DoJ accused Mr Wang of using the proceeds to buy $60m worth of luxury assets, and said it had seized a Ferrari, a Rolls-Royce, two BMWs and several watches – as well as bank accounts and cryptocurrency wallets.
He also bought property in the US, St Kitts and Nevis, China, Singapore, Thailand and the United Arab Emirates, it said.
Law enforcement agencies in Singapore and Thailand, as well technology giant Microsoft, were among the organisations that helped with the investigation.
Mr Wang has been charged with conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud and conspiracy to commit money laundering.
If convicted on all counts, he faces a maximum penalty of 65 years in prison.
Meanwhile, Europol said it had arrested the ringleaders of several cybercrime networks that used botnets.
It has made arrests in Armenia and Ukraine and taken down servers across the world including in the UK, the US and Germany.
More than 2,000 websites are now under the control of European law enforcement.
Europol said one of the main suspects had made more than €69 million (£58m) in cryptocurrency through what is known as ransomware – installing software that makes it impossible for a person to access their computer unless they pay a fee.
In addition, eight fugitives who are on the run and wanted in Germany for their involvement in cybercrime will be added to Europe’s most wanted list.
The malicious software got on peoples’ devices mainly through through phishing attempts – such as the kind of emails people are advised not to click on – and compromised websites.
Europol said the take down – dubbed Operation Endgame – is ongoing and it has plans for future busts.
