Last week the FBI arrested Chinese national Yu Pingan in Los Angeles where he came to attend a technology conference. Yu was charged with distributing and using malware including the rarely used Sakula malware program used in the massive data breach against the Office of Personnel Management (OPM) in 2014 and 2015 that resulted in huge amounts of personal information including Social Security numbers and fingerprints of more than 20 million present and former government employees being stolen.
It is interesting to note that while the Sakula malware is quite sophisticated, to a great extent Yu’s arrest was as a result of his failing to do little to hide his name in communications regarding the use of the malware. An indication of Yu’s hubris is that he felt confident enough in his anonymity to attend a conference in the United States, which ultimately led to his arrest.
This arrest signals the continuing efforts the FBI is putting into apprehending cybercriminals. It also serves again as a warning to all of us to remember that despite our best efforts to protect our personal data, we are only as secure as the places that hold our personal data with the weakest security, which is why, whenever possible, you should limit the amount of personal information you provide institutions and companies with which you do business.