US offers $13m reward for Chinese hacker behind 2020 Sophos firewall attack

WASHINGTON – The US offered a US$10 million (S$13 million) reward on Dec 10 for information leading to the arrest of a Chinese man and co-conspirators wanted for hacking computer firewalls.

Guan Tianfeng, 30, is believed to be living in China’s Sichuan province, according to the State Department.

An indictment charging Guan with conspiracy to commit computer fraud and conspiracy to commit wire fraud was unsealed on Dec 10.

The Treasury Department said it imposed sanctions on the company Guan worked for, Sichuan Silence Information Technology.

Beijing swiftly hit back, accusing the US of “exploiting cybersecurity issues to smear and discredit China”.

“We firmly oppose the excessive application of illegal unilateral sanctions... against Chinese entities and individuals,” Foreign Ministry spokeswoman Mao Ning said at a news briefing on Dec 11.

“China will take necessary measures to safeguard the just legal rights and interests of its companies and citizens,” she said.

Guan and his co-conspirators at Sichuan Silence allegedly took advantage of a vulnerability in firewalls sold by Britain-based cyber-security company Sophos, according to the indictment.

“The defendant and his co-conspirators exploited a vulnerability in tens of thousands of network security devices, infecting them with malware designed to steal information from victims around the world,” Deputy Attorney-General Lisa Monaco said in a statement.

Some 81,000 firewall devices were simultaneously attacked worldwide in April 2020, the indictment said, with the aim of stealing data, including usernames and passwords, while also attempting to infect the computers with ransomware.

More than 23,000 firewalls were in the US, of which 36 were protecting “critical infrastructure companies’ systems”, the Treasury said.

“The zero-day vulnerability Guan Tianfeng and his co-conspirators found and exploited affected firewalls owned by businesses across the United States,” Federal Bureau of Investigation agent Herbert Stapleton said.

“If Sophos had not rapidly identified the vulnerability and deployed a comprehensive response, the damage could have been far more severe.”

According to the indictment, Sichuan Silence sold its services and the data it obtained through hacking to Chinese businesses and to government entities, including the Ministry of Public Security.

A man who answered a call to a phone number registered with Sichuan Silence on Dec 11 said the company “did not accept interviews” and declined to comment on the sanctions.

The man, who did not identify himself, also said Guan was “uncontactable”. AFP