Chinese man arrested for OPM hack
The FBI has arrested a Chinese national from Shanghai linked to the massive data breach that hit the Office of Personnel Management back in 2014 to 2015. Feds took the chance to nab Yu Pingan when he flew into the Los Angeles International Airport on Wednesday to attend a conference. He's now facing charges under the Computer Fraud and Abuse Act and accusations of conspiracy to defraud the United States. His circumstances and connection to the OPM breach are a bit convoluted, though, and the court papers filed to indict him didn't even mention the event. This looks like a major break in the worst hack of the US in history. The story does not indicate whether there was any cooperation from China leading to the arrest of the alleged perp. The FBI priority should include finding out what he did with the data he allegedly hacked.
The FBI says Yu, also known as the hacker "GoldSun," runs a site selling malware, including Sakula, a rarely used Trojan that security firms believe was used to infiltrate OPM's computers. That data breach compromised the private information of 21.5 million government employees and applicants, as well as their spouses and close relatives. The attackers got away with almost 30 years' worth of info, including people's SSNs, fingerprint data, bank account numbers and other personal details.
In addition to selling malware, the FBI says Yu also colluded with two other unnamed hackers to launch cyberattacks on at least four US-based companies. Feds found records of him talking about using a remote access Trojan to infiltrate companies as far back as June 2011. In 2013, one of his accomplices allegedly used Sakula to hack a company in Massachusetts.