Man from China indicted in Indiana for hacking into firewall to steal data

Guan Tianfeng (Provided Photo/U.S. Department of Justice)

HAMMOND, Ind. (WISH) — A man from China has been indicted in a federal court in northern Indiana for breaking through firewalls in 2020 to steal information from malware-infected computers, the U.S. Department of Justice says.

Guan Tianfeng, 30, of Sichuan Province, and others “exploited a vulnerability in tens of thousands of network security devices,” said Deputy Attorney General Lisa Monaco.

The indictment, filed Sept. 19, was public shared Tuesday.

Firewalls generally work to protect computer traffic going to and from trusted internal networks and unprotected external networks. Guan and others used a vulnerability found in firewalls from United Kingdom-based Sophos Ltd. They used domains that appeared to be from Sophos and infected 81,000 firewall devices worldwide, including one used by an agency of the United States. The infected devices included ones in northern Indiana, although specifics were not provided in a news release from the Justice Department or in court documents redacted for public distribution.

“Sophos discovered the intrusion and remediated its customers’ firewalls in approximately two days, which caused the co-conspirators to modify their malware,” the release said. ” As modified, the malware was designed to deploy encryption software from a ransomware variant in the event the victims attempted to remove the malware. Their encryption efforts did not succeed, but demonstrated the conspirators’ disregard for the harm that they would cause to victims.”

Guan worked for Sichuan Silence, a China-based private company that has provided services to the Chinese government, including its Ministry of Public Security. Sichuan Silence publicized the development of a product that could scan and detect overseas network targets to obtain valuable intelligence information.

The U.S. Department of State this week continued to search for Guan. A reward of up to $10 million has been offered for information on Guan and other Sichuan Silence cyberactivity considered to be malicious.

“The FBI continues to investigate Sichuan Silence’s hacking activities and intrusions into various edge devices,” the release said.