USA indicts the Chinese hacker who breached Anthem’s website

  • By Paul Rubell
  • 30 Aug, 2017

A 36-year old Chinese national from Shanghai has been indicted by a federal court in California for transmitting malicious software tools to companies located in the United States.

Yu Pingan was arrested on August 27, 2017 when he arrived in the United States to attend a conference.  Pingan used the online pseudonym GoldSun to install malware and viruses on company computers.  In addition, the United States government has alleged that GoldSun delivered zero-day exploits and caused denial of service (DOS) attacks on major corporate and government computer networks.  GoldSun’s computer code makes networks and websites vulnerable to being controlled and taken over remotely and susceptible to being hacked. The government charged GoldSun with one count of violating the Computer Fraud and Abuse Act and conspiracy to defraud the United States.  The United States government claims that Pingan has caused far-reaching damage to the nation’s security infrastructure and economy.

 Among GoldSun’s technical “accomplishments” was the successful data breach of Anthem’s healthcare network and release of personal health information (PHI) about 80 million of its customers in 2015. The released data included  home addresses, dates of birth, Social Security numbers, email addresses and  income data belonging to both current and former customers and employees, including Anthem’s chief executive.

In addition to the Anthem attack, in 2015 GoldSun broke into United States government computer systems in the Office of Personnel Management (OPM) and improperly obtained sensitive personal information including background checks and  financial information involving about 4 million government workers dating back for 30 years.

In support of the government’s request to arrest and indict GoldSun, FBI Special Agent Adam James told the federal court judge that:

“Based on the evidence described above showing that [Pingan] provided malware … to maliciously target a discrete group of U.S. companies’ computer networks, including the novel and rarely-used Sakula malware, I submit there is probable cause to arrest YU for conspiring to commit fraud in connection with computers, in violation of 18 U.S.C. §§ 371 and 1030(a)(5)(A).”

Is the People’s Republic of China the driving force behind GoldSun’s attacks on the American economy and government, or did GoldSun act purely for his own economic gain? In either case, American citizens have been harmed by these and other assaults on our way of life. It is essential for all of us to deploy best practices to secure our personal and corporate information.  Cyber liability insurance and good legal and IT advice are good ways to begin.

Cyberliability and Privacy Issues in the Food and Beverage Industry

By Paul Rubell November 2, 2018
Cyberliability and privacy are very important to the food, beverage and hospitality industries. Today the industry faces many 21st century risks. Paul Rubell addresses these risks.

Europe Can Regulate Your Company's Facebook Page

By Paul Rubell July 16, 2018
by Paul Rubell, Esq. Every company in the world that has a Facebook social media page may be subject to the European Union’s newly-enacted GDRP (General Data Protection Regulation) and the chokehold of EU law enforcement. Many businesses wrongly believe they are not collecting personal data via their Facebook pages but that is likely not […]

Are violent selfies protected by the Constitution?

By Paul Rubell April 29, 2017
Taking videos is a form of expression that is guaranteed by the Bill of Rights. However, even free speech has constitutional limits. For instance, if you shout "fire" in a crowded theater, you can be arrested and the 1st Amendment will not protect you.

Not best practices: Apple’s iCloud is neither private nor secure

By Paul Rubell April 17, 2017
by Paul Rubell, Esq. Can your business survive a massive data breach? If your business stores, backs up or syncs its data to the cyber cloud, take note. Apple’s iCloud is currently the subject of ransomware. As you will read, the moral to this article is that confidential business data, trade secrets, customer lists and […]

Best practice to keep your trade secrets private: avoid Password Managers

By Paul Rubell April 17, 2017
by Paul Rubell, Esq. Information is the currency of 2017. For this reason it is mission-critical to keep data currency safe, secure and private. Just as gold bricks should be stored in a physical safe, data needs to be kept secret electronically. Passwords are the key to enter the digital vault. Strong passwords are designed […]

Twitter says hello to hacking; Users say goodbye to privacy

By Paul Rubell March 16, 2017
Enjoy my newest article. You can read more on my blog at paulrubellblog.wordpress.com.

Awaiting the President’s Cybersecurity Executive Order

By Paul Rubell March 13, 2017
by Paul Rubell, Esq. Witness today’s risks of cyber crime.  Hackers, bad actors and foreign governments have long had the ability to assault our Nation. Current events have opened citizens’ eyes to the reality of the cyber threat. It is remarkable how the public has either forgotten or turned a blind eye to well-known security […]

Net Neutrality is No More

By Paul Rubell March 3, 2017
By Paul Rubell, Esq. Internet users have been suddenly stripped of an important source of privacy protection.  On March 1, 2017, the Federal Trade Commission (FTC) and Federal Communications Commission (FCC) abruptly suspended the net neutrality rules that had been scheduled to go into effect on March 2nd.  Internet users in the United States have […]

Cross-Browser Tracking: It’s time to update your Privacy Policy!

By Paul Rubell February 16, 2017
by Paul Rubell, Esq. It is remarkable that many companies do not know the vastness of private information they obtain from their social media and website.  It is essential for every business to understand its legal responsibility to protect their customers’ personal information. OLD NEWS:  Web browsers can follow your voyage through the Internet. Firefox, Internet […]

The Internet of Things is not especially secure

By Paul Rubell January 24, 2017
by Paul Rubell, Esq. Cameras and other surveillance devices are supposed to protect your home. It’s kind of bittersweet, then, that these devices are not especially secure themselves. Hackers can turn home protective devices such as cameras against their owners.  IoT cameras can unlock the door to your home instead of safeguarding it. Samsung’s SmartCam […]
More Posts