OPM Incidents

Published: 2023-03-03

Hacking and unauthorized access to network systems are among the downsides of advances in computing. Hackers pose an imminent threat to an organization's data, including deletion, manipulation, and theft (Park et al., 2016). When a system is breached, psychological profiling can help security engineers and law enforcement track the hackers, who often cover their tracks. Notably, the Office of Personnel Management (OPM) was exposed to malicious attacks between 2013 and 2014. The hackers used PlugX and a variant of the Sakula virus to carry out the attacks (Fruhlinger, 2018). The FBI believes that Yu Pingan and two unidentified Chinese state-based hackers were responsible for a series of intrusions into US computer networks. Since a psychological profile of Yu Pingan identified him as the source of the Sakula malware used in the OPM hack, he could be linked to China-based hacker groups that used the same malware and habits to compromise US networks in separate incidents.


Yu Pingan Psych Profile

Yu Pingan, a Chinese national, was arrested while visiting the United States for his association with several hacking incidents in the country (Fruhlinger, 2018). The Federal Bureau of Investigation (FBI) believes that the suspect provided malware that was used to hack four US companies. Yu Pingan is accused of conspiring with China-based hackers to attack a series of companies within the United States using a program named Sakula (Fruhlinger, 2018). The same malware was linked to the OPM hacking incidents, which were identified in 2013 and 2015 (Fruhlinger, 2018). An investigation of the accused's email revealed that he provided the malware to two unidentified persons. The FBI obtained email conversations between Yu and the hackers showing that he sold them the Sakula malware variant ("Defendant Yu Pingan was a malware broker," 2017). Additionally, the reports showed that he was aware the Sakula program would be used to attack networks in the US ("Defendant Yu Pingan was a malware broker," 2017). The FBI also linked the suspect to the Chinese government; however, China consistently dissociated itself from the claims. Yu Pingan remained adamant that he was a teacher with no involvement whatsoever in the incidents, and he was remanded for further investigation.

Chinese State-backed Hacking Groups

The hacking groups X1 and X2 are widely believed to be from the PRC and to have worked in tandem to tamper with the OPM system. The FBI indirectly linked X1 and X2 to the two unidentified groups that were involved in the hacking of four unidentified US companies between 2010 and 2013 (Fruhlinger, 2018). The two sets of incidents are believed to have been orchestrated by a single group or individual with the help of Yu Pingan. According to the United States of America vs. Yu Pingan court case, two different hackers (Uncharged Co-conspirator 1 and Uncharged Co-conspirator 2) used the PlugX and Sakula malware to infiltrate four companies through related domains ("Defendant Yu Pingan was a malware broker," 2017). The FBI's investigation found that Sakula was a new and rare piece of malware as of 2013. Additionally, email conversations between Yu and the Chinese hackers revealed that Yu supplied the Sakula software. Given that the malware had been reported in only two incidents, there was a high likelihood that the same persons were involved in both cases (Menn, 2018). Additionally, the hack on OPM's system was conducted in two separate intrusions that appeared to supplement each other, much as the four companies were infiltrated through two separate yet related domains. These two behavioral similarities suggest that X1 and X2 may be the same attackers as those in the USA vs. Yu Pingan case.

Psychological Aspects of the Hackers

Different studies have shown that hackers often use clandestine methods over the Internet to avoid being noticed (Chan & Janjarasjit, 2019). Some hackers register domain names that resemble the target's to avoid raising suspicion. As a result, many companies are vulnerable to unauthorized access because they are not aware of the breach (Chan & Janjarasjit, 2019). For instance, OPM realized it had an intruder in its systems only after almost a year. The hackers uploaded malicious files, such as mcutli.dll, which sent a beacon to the opm-security.org domain to notify them that the malware had been installed successfully. The mcutli.dll file looked like a McAfee security software component, so it could easily go unnoticed in a company that uses the McAfee internet security suite. The ability to disguise malicious files as legitimate programs often lets hackers go unnoticed.
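A defensive check for the pattern described above, added here as an example that is not part of the essay or its sources: it scans resolver log lines for queries whose name carries the organization's brand token under a registrable domain the organization does not own, which is exactly how opm-security.org would stand out against opm.gov. The allowlist, brand token, log format and log lines are all constructed for the example.

```python
import re

# Constructed allowlist: registrable domains the organisation actually owns.
OWNED_DOMAINS = {"opm.gov"}
# Name fragments an intruder reuses so beacon traffic looks like the victim's.
BRAND_TOKENS = {"opm"}

# Constructed resolver log format: "<timestamp> <client-ip> query <qname>".
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+(\S+)$")


def registrable_domain(qname: str) -> str:
    """Last two labels, e.g. 'opm-security.org'. A real deployment would use
    the public suffix list to handle multi-label suffixes such as co.uk."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_lookalike(qname, owned=OWNED_DOMAINS, tokens=BRAND_TOKENS) -> bool:
    """True when a brand token appears as a whole label, or as a hyphen-separated
    part of a label, while the registrable domain is not owned. 'mail.opm.gov'
    passes; 'opm-security.org' is flagged; 'shopmart.example' is not flagged,
    because 'opm' is only a substring there."""
    if registrable_domain(qname) in set(owned):
        return False
    parts = [p for label in qname.lower().rstrip(".").split(".")
             for p in label.split("-")]
    return any(p in set(tokens) for p in parts)


def find_lookalike_queries(log_lines) -> list[tuple[str, str]]:
    """Return (client_ip, qname) for each logged query that is_lookalike flags."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if m and is_lookalike(m.group(3)):
            hits.append((m.group(2), m.group(3).rstrip(".")))
    return hits


# Constructed log lines; opm-security.org is the beacon domain the essay names.
SAMPLE_LOG = [
    "2014-05-07T10:12:01Z 10.1.2.3 query mail.opm.gov",
    "2014-05-07T10:12:05Z 10.1.2.3 query opm-security.org.",
    "2014-05-07T10:12:09Z 10.1.2.4 query www.google.com",
    "2014-05-07T10:12:11Z 10.1.2.5 query shopmart.example",
    "2014-05-07T10:12:14Z 10.1.2.6 query opm.login-portal.example",
]

if __name__ == "__main__":
    for client, name in find_lookalike_queries(SAMPLE_LOG):
        print(f"lookalike query from {client}: {name}")
```

The hyphen-aware label match keeps unrelated names such as shopmart.example out of the alert list while still catching a brand token used as a subdomain of an unowned domain.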

Additionally, OPM's hackers registered domains under names such as Tony Stark and Steve Rogers to conceal their real identities. The names belong to the Marvel characters Iron Man and Captain America. According to Park et al. (2016), hackers often register their domains with a DNS service provider under random names to avoid identification by law enforcement. They may also use dynamic DNS, which lets the IP addresses associated with the domain names change at will, to avoid being tracked. In this case, X1 and X2 used fictional Marvel names to register their domains, which made it hard for security engineers to identify who they really were. However, in USA vs. Yu Pingan, the FBI found that Yu had used his real email address and name to register the penlab.com website, which repeatedly supplied UCC#1 with malicious software. The failure to use a

Unauthorized intruders often use several malware variants to avoid detection and to keep using a system even after they have been discovered (Chan & Janjarasjit, 2019; Tweneboah-Koduah, Skouby, & Tadayoni, 2017). They achieve this by establishing additional backdoors once they have infiltrated an organization's network. They use Remote Access Trojans (RATs), which let them control the computers on which the program is installed (Park et al., 2016). Noticeably, they prey on an institution's inability to fully secure its networks. For example, OPM failed to put in place adequate security measures that would have allowed it to detect the subsequent X2 attack. It also lacked two-factor authentication, which would have deterred attackers who had obtained usernames and passwords.

In 2014, OPM officials acknowledged that they had been hacked. They decided to let the attackers remain within a confined part of the network in order to track their moves. The agency planned a "big bang" operation that would reset the system and purge the intruders. OPM carried out the plan in May 2014; however, the hackers had already found a zero-day exploit, that is, a vulnerability in a system or computer that only the attackers know about. Therefore, the system reset did not completely expel them from the system. The zero-day exploit allowed the X2 intruders to install a variant of the PlugX malware on OPM systems. Additionally, they installed the Sakula remote-control malware, which was linked to Yu Pingan and other hackers from the People's Republic of China. The two malware programs, PlugX and Sakula, helped the intruders steal information through several domain name systems (Fruhlinger, 2018).

My Psych Profile

I can identify that most of the hackers' behavior matches my coding and surfing habits. For instance, I often change my IP address while using the internet to evade detection by intruders. Unlike the hackers who utilize it for malicious benefits, I frequently use a DDNS to mask my computer, while visiting insecure websites. According to Chan & Janjarasjit (2019), identity masking is a common psychological aspect for hackers since they believe that anybody can be hacked due to the presence of a vulnerability on one's network or computer. The identity masking helps to deter hackers since they find it difficult to track my activities online.

Additionally, I often use funny or fictional names to register internet domains, a practice the X1 and X2 groups also used. Occasionally, I use characters from my favorite novels to name my domains since they look cool or have the ability to attract visitors to the website. The behavior allows me to avoid leaving a lot of trails concerning my activities online. Additionally, in most of my blog websites, I often try to match the names of popular sites to confuse Internet users. Unlike malicious hackers who use this technique to orchestrate a watering pool attack, I use it to increase traffic to my blogs. The habit has worked multiple times since most people are unaware of small variations in domain names.

Conclusion

Overall, psychological profiling allows investigators to identify the type and character of an unknown offender. It allows the prediction and tracing of individuals of interest. Hackers often use methods such as hiding IP addresses, using fictional domain names, and using malware variants to avoid leaving traces of their identity. They also prey on system vulnerabilities and create backdoors that allow further intrusion. A psychological profile of Yu Pingan links him to the OPM hack through his relationship with intruders from the PRC. Noticeably, my psychological profile matches that of the PRC-based hackers in that I use comical names to register my domains, hide my IP address, and cover my traces while visiting unsecured sites to avoid detection.

References

Chan, S. H., & Janjarasjit, S. (2019). Insight into hackers' reaction toward information security breach. International Journal of Information Management, 49, 388-396. https://doi.org/10.1016/j.ijinfomgt.2019.07.010

Defendant Yu Pingan was a malware broker in the People's Republic of China ("PRC"). (2017). Politico. Retrieved from https://www.google.com/search?q=yu+pingan+hacker+FBI+pysch+profile&rlz=1C1CHBF_enKE810KE810&oq=Yu+&aqs=chrome.0.69i59l3j69i57j0j46.6291j0j7&sourceid=chrome&ie=UTF-8

Fruhlinger, J. (2018). The OPM hack explained: Bad security practices meet China's Captain America. CSO. Retrieved from https://www.csoonline.com/article/3318238/the-opm-hack-explained-bad-security-practices-meet-chinas-captain-america.html

Menn, J. (2018). Chinese national arrested in Los Angeles on U.S. hacking charge. Reuters. Retrieved from https://www.reuters.com/article/us-usa-cyber-opm/chinese-national-arrested-in-los-angeles-on-u-s-hacking-charge-idUSKCN1B42RM

Park, C. H., Song, I. U., Kim, M. J., Chang, E. H., Heo, J., & Kim, H. T. (2016). Prediction model for deviant hacking behavior and hacking type in hackers based on psychological variable. The Journal of Korean Institute of Communications and Information Sciences, 41(4), 489-498.

Tweneboah-Koduah, S., Skouby, K. E., & Tadayoni, R. (2017). Cyber security threats to IoT applications and service domains. Wireless Personal Communications, 95(1), 169-185.

Cite this page

OPM Incidents. (2023, Mar 03). Retrieved from https://speedypaper.net/essays/opm-incidents
