SHANGHAI:  A Chinese malware broker who was sentenced in the United States this year for dealing in malicious software linked to major hacks is back at his old workplace: teaching high-school computer courses, including one on internet security.

Yu Pingan, who spent 18 months in a San Diego federal detention center, had pleaded guilty to conspiracy to commit computer hacking. A high school instructor, he had been arrested at Los Angeles International Airport in August 2017 upon arriving with a group of teachers to observe a U.S. university. A Reuters reporter found him teaching at his old school here last month.

Yu Pingan was sentenced by a federal judge in February to time served and allowed to return to China. The victims of the hacking conspiracy included microchip supplier Qualcomm Inc, aerospace and defense firm Pacific Scientific Energetic Materials Co, and gaming company Riot Games, according to the judgment. Exactly what was stolen in the computer breaches wasn’t disclosed in public court filings.

 

Qualcomm declined to comment. A Riot Games spokesman said the company lost no data. Pacific Scientific didn’t respond to requests for comment.

Yu specializes in computer network security and programming, according to court records. The malware he provided in the conspiracy included a rare software tool called Sakula that granted hackers remote control over computers. It’s unclear who authored the malware or how Yu obtained it.

Sakula has been linked to some of the most notorious cyberattacks of the decade. In addition to the intrusions detailed in the case against Yu, these include hacks of U.S. health insurer Anthem Inc, where millions of patient records were exposed, and the U.S. Office of Personnel Management, in which the personal information of millions of current and former U.S. government employees and contractors was compromised. Yu wasn’t accused of involvement in those two breaches.

In addition to jail time, Yu was ordered to pay nearly $1.1 million in restitution to five companies that were victims of the hacking. The fine was to be paid in installments of $100 a month, with no interest, according to the judgment. The payment schedule would take more than 900 years to complete.

Jeremy Warren, a San Diego criminal defense attorney who represented Yu, said: “With a Chinese national, a school teacher, there’s no real expectation of payment.”

Yu’s 18 months in federal prison, he said, was no “walk in the park.”

China’s Ministry of Foreign Affairs said it had “no understanding” of the Yu case. “We resolutely oppose any type of cyber attack, and we investigate and a crackdown on any cyber attack occurring inside China or making use of Chinese internet infrastructure,” the ministry spokesperson’s office said.

Last month, Reuters found Yu, who is 39, teaching at Shanghai Commercial School, a state-run vocational-technical high school in central Shanghai. U.S. officials told Reuters that Yu had been teaching there prior to his arrest.

Digital signs outside classrooms indicated Yu was teaching at least two basic computer courses, including one called “Basic English for Internet Security.” One of his former students, a computer science major who is now in China’s military, said he couldn’t answer questions about Yu because of “political reasons” and that the school had instructed him not to discuss the matter.

On Nov. 1, a Reuters reporter saw Yu at an office on the school’s campus. Dressed in a red and blue plaid Oxford shirt, he declined to answer questions. Yu called a school official, who arrived with a security guard and escorted the reporter off the campus. The school official called Yu’s situation a private matter.

“It’s his own experience, and it has nothing to do with the school,” she said.

(with inputs from Reuters)