The FBI has arrested a Chinese national from Shanghai linked to the massive data breach that hit the Office of Personnel Management back in 2014 to 2015. Feds took the chance to nab Yu Pingan when he flew into the Los Angeles International Airport on Wednesday to attend a conference. He's now facing charges under the Computer Fraud and Abuse Act and accusations of conspiracy to defraud the United States. His circumstances and connection to the OPM breach are a bit convoluted, though, and the court papers filed to indict him didn't even mention the event.
The FBI says Yu, also known as the hacker "GoldSun" runs a site selling malware, including Sakula, a rarely used Trojan that security firms believe was used to infiltrate OPM's computers. That data breach compromised the private information of 21.5 million government employees and applicants, as well as their spouses and close relatives. The attackers got away with almost 30 years' worth of info, including people's SSNs, fingerprint data, bank account numbers and other personal details.
In addition to selling malware, the FBI says Yu also colluded with two other unnamed hackers to launch cyberattacks on at least four US-based companies. Feds found records of him talking about using a remote access Trojan to infiltrate companies as far back as June 2011. In 2013, one of his accomplices allegedly used Sakula to hack a company in Massachusetts.
The government has long believed that OPM's hackers are from China, but authorities from the Asian country have been denying their involvement in the data breach. As a result of what's considered one of the worst hacks in US history, the government had to create the National Background Investigations Bureau within the OPM to take charge of background checks. Unlike its parent agency, the NBIB doesn't keep data in OPM's computers anymore. The Pentagon now stores any info the NBIB gets from current government employees and applicants in a cloud-based system designed specifically for that purpose.