Yu Pingan, a Chinese malware broker who was charged and sentenced for dealing in malicious software linked to the hacking of websites of major US-based companies, has been found working back at his old workplace in China. He is teaching high school computer courses, including a course on cybersecurity.
He was arrested, spent 18 months in a San Diego federal detention center, and pleaded guilty to conducting major hacks. Yu was sentenced by the federal judge in February and was allowed to return to China after time served. He had arrived in Los Angeles with a group of teachers to observe a US university in August 2017 and was arrested at Los Angeles International Airport.
The victims of his hack included Qualcomm Inc, Pacific Scientific Energetic Materials Co (an aerospace and defense firm), and Riot Games (a gaming company). These firms have confirmed that they did not lose any important data, and it has not been disclosed what exactly was stolen from their software. Qualcomm and Pacific declined to comment; Riot Games said that it has not lost any data.
The malicious software provided by Yu is called Sakula, and it lets hackers gain remote control over computers. This software has been involved in most of the cyber crimes of this decade, including the hacking of Anthem Inc., the US health insurance company, which exposed the health records of millions of patients (customers). Another major hack occurred at the US Office of Personnel Management, where the details of many U.S. government employees were compromised. Yu was not accused of these cyber crimes, and as of now it is unclear how he obtained the Sakula software.
In addition to the 18-month sentence, Yu Pingan was fined $1.1 million, payable to the companies which were the victims. As a high school teacher, he is not expected to pay off this amount anytime soon. The government has allowed him to pay the fine in installments of $100 per month, which would take almost 916 years to pay off completely.
According to Jeremy Warren, a San Diego defense attorney who represented Yu in court, “with a Chinese national, a school teacher, there is no expectation of payment.”
The Chinese foreign affairs ministry spokesperson said that the ministry opposes any kind of cyber crime and will investigate and crack down on any cyber attack occurring inside China or making use of Chinese internet infrastructure. The spokesperson added that the ministry does not have an understanding of the Yu case. The ministry rejected all other cases alleging Chinese hacking of US companies and accused Washington of showing a cold war mentality on tech-related issues.
There were other Sakula-related cases last year, in which the U.S. accused two Chinese intelligence officers and a team of recruited hackers of interfering in the computer systems of a Western company for more than 5 years.
According to the court, Yu went by the nickname Goldsun and was accused of teaming up with other Chinese individuals and sharing the malware to hack computer systems around the US. The FBI affidavit by Adam James, a special agent, says that Yu provided Sakula and other malware used in the crime. They overheard a conversation between Yu and 2 other unidentified co-conspirators, and James alleged that Yu installed an unauthorized back door on an unidentified company’s computer network to gain remote access.
They called these “watering hole attacks”, a name that refers to a predator attacking its prey when the prey goes to drink water. Similarly, the malware infects the computers of visitors who open compromised websites.
Yu is teaching at a commercial school in Shanghai, and the digital signs outside classrooms say that he has been teaching two computer subjects, including “basic English for internet security”. A Reuters reporter said that he saw Yu on the school campus and that Yu declined to answer any questions. The reporter was escorted off the campus at Yu’s request. The students and school officials do not talk about the issue and called it Yu’s private matter.
Source – Reuters