FBI arrests Chinese national connected to malware used in OPM data breach - bane
http://www.cnn.com/2017/08/24/politics/fbi-arrests-chinese-national-in-opm-data-breach/index.html?lipi=urn%3Ali%3Apage%3Ad_flagship3_feed%3BBEcltcCzThm2fbDXrNG%2Fdg%3D%3D
======
lyndonjohnsonbe
OPM breach was one of the worst things to happen to national security
recently. They weren't pointing any fingers for a while, but suspected the
Chinese to have something to do with it. It looks like they are a lot more
sure now.

OPM asks applicants very personal questions to see if they are being honest.
The leak included information on government employees that have clearance
about infidelity, drug use, debt, and other sensitive topics for people
working in very sensitive positions. Also more benign stuff like every place
they have ever lived and people they had contact with while living in those
places. That information could be used in a lot of ways.

~~~
rdtsc
Exactly.

It was such a massive breach and it was surprising how little press it got.
The "Russians" hacking the election with flaky evidence has gotten magnitudes
more of coverage.

And here is detailed information about current and present government
employees, many in the intelligence agencies, tens of millions of people total
probably. Including biometric data like fingerprints, deeply personal stuff
like past transgressions, addictions, financial trouble, health information --
these are things that could be used to approach or entrap someone in a
blackmail scheme. And comparatively it was barely a blip in the news.

CIA, if I remember correctly, was the only one not affected. But it is not
unheard of for people to move between agencies, so there is still risk there.

------
sasas
The article states - "He faces charges related to creation of the Sakura
malware, which the FBI has said was used in the breach."

The grugq's response on this matter -

"The chilling effect of the US charging tool developers for the actions of
their clients are detrimental to securing the Internet."[1]

So what we may have is 3rd party vendors being personally liable for their
involvement in government espionage activities.

[1] https://twitter.com/thegrugq/status/901833246505185282

------
TACIXAT
The article lists the malware family as Sakura, but the breaches appear to
involve a RAT called Sakula. [1] There does appear to be an exploit kit
named Sakura, but it is not associated with any APT campaigns.

1. https://www.crowdstrike.com/blog/ironman-deep-panda-uses-sakula-malware-target-organizations-multiple-sectors/

------
quuquuquu
Some reminders: everyone is innocent until proven guilty in a court of law in
the USA.

There have been quite a few people arrested now who traveled from a non-
extradition country to an extradition one (btce guy, this guy, malwarenews guy
[though he was UK]).

It seems someone in the US thinks it's fun to just swipe people up on
suspicion, so let's try not to assume they're instantly guilty.

~~~
KGIII
In theory, a reasonable suspicion is established by the prosecution, and
approved by a judge, prior to a warrant being issued. This is often further
reviewed, by a judge, prior to the extradition request.

I make no claims about this specific case, but that's how it's supposed to
work. There have been cases of unlawful renditions, but this doesn't appear to
be that and those matters don't usually show up in court. It's not perfect,
but reasonable suspicion is what warrants are based on.

~~~
quuquuquu
I don't necessarily disagree with what you said, but the variable "reasonable"
here is of course up for debate, since suspicion is very easy to have.

We don't know the specifics, yes, but the evidence presented in these types of
cases is not exactly compelling.

MalwareNews kid made a tweet about some malware.

The Temple professor who was also a Chinese national was wrongfully arrested
while "trying to flee the USA with trade secrets." He is now suing the FBI.

BTC-E guy was snatched up in Greece after traveling from Russia for vacation.
We don't know the details, but presumably if he really thought he was a truly
wanted cyber criminal, he would have never left.

And Gottfrid Svartholm was extradited from Cambodia to Sweden, without an
extradition treaty!!!! All so he could be tried for copyright crimes against
US corporations.

So, for these reasons, I am hesitant to say that this Chinese guy in
particular is without a doubt guilty, just because he was arrested (snatched
up).
