South China Morning Post
Advertisement
Advertisement
Computer hackers
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
Sakula malware was involved in US Office of Personnel Management hacks detected in 2014 and 2015. Photo: Reuters
WorldUnited States & Canada

Chinese visitor arrested in Los Angeles on hacking charge, using rare malware linked to thefts of US government data

Computer hackers
Reuters
Reuters
Why you can trust SCMP

US authorities on Thursday accused a Chinese national visiting the United States of providing malware that has been linked to the theft of security clearance records of millions of American government employees.

Yu Pingan of Shanghai was arrested on Monday at Los Angeles International Airport after a federal criminal complaint accused him of conspiring with others wielding malicious software known as Sakula, a Justice Department spokesman said on Thursday.

The complaint said the group attacked a series of unnamed US companies using Sakula, the same rare programme involved in US Office of Personnel Management (OPM) hacks detected in 2014 and 2015. The filing did not mention the OPM hacks.

The arrest could provide information on the OPM hacks which US officials have blamed on the Chinese government.

In an FBI affidavit linked to the complaint, an FBI agent said he believed Yu provided versions of Sakula to two unnamed men that he knew would be used to carry out attacks on the firms.

Yu’s court-appointed lawyer, Michael Berg, said Yu was a teacher with no affiliation with China’s government.
A file photograph shows oa list of viruses at the LHS (High Security Laboratory) of the INRIA (National Institute for Research in Computer Science and Automation) in Rennes, France. Photo: AFP

“He says he has no involvement in this whatsoever,” Berg said, adding that Yu came to Los Angeles for a conference.

The Justice Department and San Diego FBI declined to comment further.

The court filings said Sakula had rarely been seen before the attacks on US companies and Yu knew the software he was providing would be used in the hacks carried out between 2010 and 2015.

The suspect, along with other conspirators in China “would acquire and use malicious software tools, some of which were rare variants previously unidentified by the FBI and information security community, including a malicious software tool known as ‘Sakula’,’’ the criminal complaint states.

Though the victims are not named, some companies appeared to be in the aerospace and energy industries.

Adam Meyers, vice-president at US security firm CrowdStrike, said software flaws and one of the internet protocol addresses cited in the complaint matched up with attacks on a US turbine manufacturer, Capstone Turbine, and a French aircraft supplier.

Meyers said Sakula could be used by multiple groups, but that all of the known targets would be of interest to the Chinese government.

The OPM breach was a subject of US-China talks, and the Chinese government previously told American diplomats it had arrested some criminals in the case.

Yu remains in jail pending a court hearing on his detention next week.

Additional reporting by The Washington Post

This article appeared in the South China Morning Post print edition as: Chinese man detained in US, accused of hacking
Post