A Chinese national was arrested by the FBI at the Los Angeles Airport on Wednesday after being indicted for using a malware to steal personal data of millions of US citizens.
The Chinese national was arrested by the FBI at the Los Angeles airport while on his way back to China after attending a conference.
The way Yu Pingan, a Shanghai resident, was arrested by the FBI on Wednesday echoes how Marcus Hutchins, the humble British hacker turned WannaCry killer, was arrested at the Las Vegas airport while on his way back to the UK after attending the Black Hat and Def Con cyber-security conferences in the city.
While Hutchins was indicted for creating and selling Kronos, a banking trojan used by hackers to steal banking passwords and financial data, the charges against Yu Pingan are much more serious. The FBI believes he had a direct role in the devastating cyber-attack on the US Government's Office of Personnel Management (OPM) in 2014.
Hackers behind the OPM data breach stole biometric data, including fingerprints, belonging to an estimated 5.6 million citizens and also stole sensitive information about 21.5 million current and former federal employees, including military personnel. Following the breach, the FBI, the Department of Homeland Security, the Department of Defense and other intelligence agencies cooperated to bring the hackers to book.
Prior to his arrest, Pingan was indicted by the US District Court for the Southern District of California not only for planning and implementing the cyber-attack on the OPM, but also for facilitating cyber-attacks on four other US companies between 2011 and 2015. The indictment states that he used the pseudonym 'GoldSun' to interact with other hackers and collaborated with two other Chinese citizens while conducting the alleged cyber-attacks.
Pingan is also accused of creating Sakula, a powerful malware that was used to steal data from OPM's servers and was also used in a cyber-attack on Anthem, the largest health insurance company in the US, in 2015. The data breach compromised sensitive details of around 79 million policy holders. In June this year, Anthem agreed to pay $115 million to affected customers as compensation for the breach.
Following the settlement in June, Anthem suffered a fresh data breach in July that exposed Social Security numbers and Medicare identification data of over 18,500 Anthem Medicare members. This time, the breach was orchestrated by an employee of one of Anthem's consulting firms who maliciously stole the data and leaked it to unauthorised parties.
Aside from these two major data breaches, the Sakula malware was used repeatedly by Pingan and his accomplices. According to the indictment, a Los Angeles-based company was at the receiving end of a major cyber-attack after hackers exploited a known vulnerability in the Internet Explorer browser to inject the malware. According to communications accessed by the FBI, Pingan and his accomplices may also have exploited vulnerabilities in Adobe's Flash service to conduct cyber-attacks on US firms.
Image source: Hackbusters