Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Chinese Researcher Arrested for Destroying Evidence of Data Transfer to China

A Chinese national was arrested in the United States for destroying evidence of possible transfer of sensitive data to China. 

The man, Guan Lei, 29, was a researcher at the University of California, Los Angeles, and was staying in the U.S. on a J-1 non-immigrant visa. 

A Chinese national was arrested in the United States for destroying evidence of possible transfer of sensitive data to China. 

The man, Guan Lei, 29, was a researcher at the University of California, Los Angeles, and was staying in the U.S. on a J-1 non-immigrant visa. 

According to a criminal complaint, on July 25, the researcher was observed throwing a damaged hard drive into a trash dumpster near his residence. 

Guan, who refused to allow the FBI to examine his computer, was not allowed to board a flight to China. The FBI was able to recover the damaged hard drive, but said in an affidavit that the damage to it was irreparable and that all data on it appeared “to have been removed deliberately and by force.”

The complaint also reveals that Guan was being investigated for the possible transfer of “sensitive U.S. software or technical data to China’s National University of Defense Technology (NUDT).”

Guan is also said to have denied being associated with the Chinese military – the People’s Liberation Army – when applying for a visa in 2018, as well as in interviews with federal law enforcement. 

Furthermore, the complaint reveals that the researcher admitted taking part in military training, wearing military uniforms at NUDT, and having a faculty advisor in China who “was also a lieutenant general in the PLA who developed computers used by the PLA General Staff Department, the PLA General Armament Department, Air Force, military weather forecasts, and nuclear technology.”

The affidavit supporting the complaint also notes that NUDT is believed to be procuring items of U.S. origin for the building of “supercomputers with nuclear explosive applications.” The U.S. Department of Commerce placed the university on its Entity List for nuclear nonproliferation reasons. 

According to the complaint, not only did Guan destroy the hard drive, but also hid digital storage devices from investigators and lied about having contact with the Chinese consulate during his stay in the U.S.

Guan was ordered detained. An arraignment was scheduled for Sept. 17, 2020. Guan is accused of destruction of evidence, an offense that carries a statutory maximum sentence of 20 years in federal prison. 

Related: Chinese Hackers Target Air-Gapped Systems With Custom USB Malware

Related: U.S. Indicts Two Chinese Nationals for Hacking Hundreds of Organizations

Related: US Says Chinese Hacking Vaccine Research: Reports

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Cybercrime

Cybercriminals earned significantly less from ransomware attacks in 2022 compared to 2021 as victims are increasingly refusing to pay ransom demands.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.