Chinese national arrested by FBI for orchestrating 2014 OPM data breach

A Chinese national was arrested by the FBI at Los Angeles International Airport on Wednesday after being indicted for using malware to steal the personal data of millions of US citizens.

The Chinese national was arrested by the FBI at the Los Angeles airport while on his way back to China after attending a conference.

The way Yu Pingan, a Shanghai resident, was arrested by the FBI on Wednesday echoes how Marcus Hutchins, the humble British hacker turned WannaCry killer, was arrested at the Las Vegas airport while on his way back to the UK after attending the Black Hat and Def Con cyber-security conferences in the city.

While Hutchins was indicted for creating and selling Kronos, a banking trojan used by hackers to steal banking passwords and financial data, the charges against Yu Pingan are much more serious. The FBI believes he had a direct role in the devastating cyber-attack on the US Government's Office of Personnel Management (OPM) in 2014.

Hackers behind the OPM data breach stole biometric data, including fingerprints, belonging to an estimated 5.6 million citizens and also stole sensitive information about 21.5 million current and former federal employees, including military personnel. Following the breach, the FBI, the Department of Homeland Security, the Department of Defense and other intelligence agencies cooperated to bring the hackers to book.

Prior to his arrest, Pingan was indicted by the US District Court for the Southern District of California not only for planning and implementing the cyber-attack on the OPM, but also for facilitating cyber-attacks on four other US companies between 2011 and 2015. The indictment states that he used the pseudonym 'GoldSun' to interact with other hackers and collaborated with two other Chinese citizens while conducting the alleged cyber-attacks.

Pingan is also accused of creating Sakula, a powerful piece of malware that was used to steal data from OPM's servers and was also used in a cyber-attack on Anthem, the largest health insurance company in the US, in 2015. That data breach compromised sensitive details of around 79 million policyholders. In June this year, Anthem agreed to pay $115 million to affected customers as compensation for the breach.

Following the settlement in June, Anthem suffered a fresh data breach in July that exposed Social Security numbers and Medicare identification data of over 18,500 Anthem Medicare members. This time, the breach was orchestrated by an employee of one of Anthem's consulting firms who maliciously stole the data and leaked it to unauthorised parties.

Aside from these two major data breaches, the Sakula malware was used repeatedly by Pingan and his accomplices. According to the indictment, a Los Angeles-based company was at the receiving end of a major cyber-attack after hackers exploited a known vulnerability in the Internet Explorer browser to inject the malware. According to communications accessed by the FBI, Pingan and his accomplices may also have exploited vulnerabilities in Adobe Flash to conduct cyber-attacks on US firms.

Image source: Hackbusters

Copyright Lyonsdown Limited 2021
