Chinese national arrested in connection with 2014 OPM hack

The FBI has arrested a Chinese national who authorities say supplied a hacking code that penetrated the Office of Personnel Management, exposing the personal information of millions of U.S. citizens.

Yu Pingan, 36, was arrested Monday at Los Angeles International Airport.  Authorities also say he supplied the same code that hacked at least four U.S. corporations.

Fox News:

FBI Special Agent Adam James said in an affidavit filed with a court that the FBI is after a group of hackers who compromised companies' computer networks with "an uncommon malicious software tool known as 'Sakula,'" and other hacking tools, the Wall Street Journal reported.

Seized communications revealed that Yu had provided the software to others and was aware that the malware would be used breach data, James said.

According to Adam Meyers, vice president of cybersecurity company CrowdStrike Inc., the Sakula software has been often used against "a number of high-profile targets."

"Over the 2012 to 2015 timeframe, we saw lots of significant breaches involving Sakula," Meyers told the Wall Street Journal.

The arrest of Yu is one of the first cases brought against a Chinese national based on the Computer Fraud and Abuse Act following a 2015 agreement between President Barack Obama and Chinese President Xi Jinping to stop theft of industrial trade secrets, the New York Times reported.

The federal complaint, according to the Times, claims that the suspect has been using the malicious software since 2012 and the FBI agents suggest Yu is among a small circle of Chinese hackers using the code.

The data breach, which started in 2014 and was discovered in 2015, let hackers steal personal information of government employees, including addresses, health and financial histories, and fingerprints, the Times reported.

The federal criminal complaint, however, does not accuse Yu of personally being responsible for the hacking of the Office of Personnel Management – only the malware he was providing.

Michael Berg, Yu's court-appointed attorney, claimed the detained man is not affiliated with the Chinese government and is merely a teacher.

"He says he has no involvement in this whatsoever," the attorney said, according to Reuters, adding that he came to the U.S. for a conference.

It is significant that authorities have not been able to connect Yu to the infamous Chinese army cyber-warfare bureau, PLA 61398, that some cyber-security experts believed was responsible for the OPM hack.  But it's not likely that the Chinese government would leave a bread crumb trail that could easily be followed back to it. 

We've seen similar deception efforts from Russian hackers, some of whom are almost certainly tied in some way to the Russian government but are able to hide their tracks to prevent U.S. authorities from making a connection.

The government has yet to come completely clean about that 2015 OPM hack.  We know the approximate number of records that were exposed and how the hackers were able to penetrate a federal contractor's computers to gain access.  But who got those records and what might have been done with them is a mystery.

If you experience technical problems, please write to