FBI Arrest Chinese National Linked to OPM Data Breach Malware. A 3. 6 year old Chinese national was arrested in Los Angeles this week in connection with a computer hacking conspiracy involving malware linked to the 2. US Office of Personnel Management OPM data breach. Yu Pingan of Shanghai, China, was arrested on Wednesday while traveling at Los Angeles International Airport. Also identified by the hacker pseudonym Gold. Sun, Yu has been charged under the Computer Fraud and Abuse Act and is further accused of conspiracy to commit offense or defraud the United States. According to an August 2. US District Court for the Southern District of California, Yu collaborated with others, including two unnamed individuals who have not been charged, to acquire and use malware to facilitate cyberattacks against at least four unnamed US companies. The FBI has identified Yus co conspirators as living in the Peoples Republic of China. Your favorite technology company, Google, is working on an upcoming feature that could put the kibosh on autoplaying videos for good. Soon youll be able to silence. Experts Exchange Questions Installing Client Access Roll Fails Microsoft Exchange Service Host cannot be started. File named Backup under Program Filesveritas or under the folder where Backup Exec is installed might create a problem for PostgreSQL service startup and cause a. How To Manually Uninstall Backup Exec 2012 Remote Agent 64chAt this stage, the names of the companies i. The indictment is accompanied by an affidavit signed by an FBI agent assigned to a cybercrime squad at the bureaus San Diego Field Office. A spokesperson for the bureau could not be immediately reached for a comment. The FBI has accused Yu of discussing the installation of a remote access trojan, or RAT, at an unidentified company as early as in June 2. A year later, one his conspirator allegedly installed malicious files on the network of a San Diego based company. The same company was allegedly attacked again on or before December 3, 2. In January 2. 01. Yus co conspirators allegedly used a variant of the malware Sakula in an attack on a second company based in Massachusetts. Multiple security firms have tied Sakulato the OPM attacka massive data breach that involved the records of millions of US citizens who had undergone government security clearance checks. According to Washington Post sources, Chinas involvement was suspected by US authorities, though the Obama administration never official ascribed blame. Chinese authorities have repeatedly denied any involvement in the OPM attack. The Chinese government takes resolute strong measures against any kind of hacking attack, Chinas Foreign Ministry told Reuters in 2. We oppose baseless insinuations against China. Sakula was also used in the 2. Anthem data breach, which involved the potential theft of roughly 8. Independent investigators concluded with medium confidence earlier this year that the Anthem attack was likely carried out on behalf of a foreign government. Neither Anthem nor OPM is cited in connection with Yus arrest and Anthem does not appear to be based in any of the cities mentioned in the indictment. Yu was allegedly linked to use of the then rare Sakula malware through emails obtained by the FBI. Yus co conspirators are said to have breached a third company based in Los Angeles, however, in December 2. The attackers allegedly took advantage of a then unknown vulnerabilityor zero dayin Microsofts Internet Explorer, which allowed for remote code execution and injection of Sakula. Sakula is also a known tool of China based advanced persistent threat nicknamed Deep Panda, or APT 1. OPM and Anthem attacks. The two unnamed and unindicted co conspirators also allegedly attacked a fourth company based in Arizona. The FBI agents affidavit states that Yu provided one of the co conspirators the malicious software as early as April 2. The communications allegedly show that Yu also informed the second co conspirator of an exploit for Adobes Flash software. Whats more, FBI seized communications show that in November 2. Yu indicated that he had compromised the legitimate Korean Microsoft domain used to download software updates for Microsoft products, and further stated, allegedly, that the hacked site could be used to launch phishing attacks. According to CNN, Yu was arrested after entering the US on Wednesday to attend a conference. This story is developing and will be updated as more information becomes available. VSS issue, event ID 2. Failed to retrieve volumes that are eligible for shadow copies. As the first action, please restart your server and see if the mentioned error messages and conditions occur again. I restarted and the system writer status will go back to State 1 no error. When I tried to use the Windows Server Backup program to backup the system state, I would get the same error. My Dell creates a 2 GB partition using FAT3. Boot. I converted that to NTFS. Rebooted, retried the system state and was successful. I use Backup. Exec 2. R3. I reran the backup job and was success backing up the system state. Usually after rebooting the. I would run the backup and the system writer would go back to to an. Now after both system state backups the system writer shows it is still fine. Although when I right click on C Configure Shadow Copies, I still get the error 0x. Failed to retrieve volumes that are eligible for shadow copies. Run chkdsk f C on the server, reboot the server and see if the mentioned error messages and conditions occur again. I havent ran that yet. But a read only chkdsk reports a clean volume. I will try that on reboot tonight during the maintenance window. Do you have installed Service Pack 1 on the problematic serverYes, Windows Server 2. R2 Standard SP1 6. There are no additional patches available for install via M Update. Please run the vssadmin list writers command and post the output completely. C Windowssystem. Volume Shadow Copy Service administrative command line toolC Copyright 2. Microsoft Corp. Writer name Task Scheduler Writer   Writer Id d. Writer Instance Id 1bddd. State 1 Stable   Last error No error. Writer name VSS Metadata Store Writer   Writer Id 7. Writer Instance Id 0. State 1 Stable   Last error No error. Writer name Performance Counters Writer   Writer Id 0bada. Writer Instance Id f. State 1 Stable   Last error No error. Writer name System Writer   Writer Id e. Writer Instance Id 9bfa. State 1 Stable   Last error No error. Writer name FSRM Writer   Writer Id 1. Writer Instance Id b. State 1 Stable   Last error No error. Writer name ASR Writer   Writer Id be. Writer Instance Id 7aa. State 1 Stable   Last error No error. Writer name MSSearch Service Writer   Writer Id cd. Writer Instance Id 3. State 1 Stable   Last error No error. Writer name Shadow Copy Optimization Writer   Writer Id 4dc. Writer Instance Id 3d. State 1 Stable   Last error No error. Writer name COM REGDB Writer   Writer Id 5. Writer Instance Id 5b. State 1 Stable   Last error No error. Writer name Registry Writer   Writer Id afbab. Writer Instance Id 1. State 1 Stable   Last error No error. Writer name IIS Metabase Writer   Writer Id 5. Writer Instance Id c. State 1 Stable   Last error No error. Writer name WMI Writer   Writer Id a. Writer Instance Id 1f. State 1 Stable   Last error No error. Writer name IIS Config Writer   Writer Id 2a. Writer Instance Id 4. State 1 Stable   Last error No error. Run diskpart, then run list volume and then report back the result. C Windowssystem. Microsoft Disk. Part version 6. Copyright C 1. 99. Microsoft Corporation. On computer FBPA1. FS1. DISKPART list volume  Volume   Ltr  Label        Fs     Type        Size     Status     Info                  Volume 0     D   True. Crypt R  CDFS   DVD ROM     3. KB  Healthy  Volume 1     E                                 CD ROM. B  No Media  Volume 2     S   OS               NTFS   Partition   2. MB  Healthy    System  Volume 3     C   Local Disk     NTFS   Partition    2. GB  Healthy    Boot  Volume 4     F                       RAW    Partition    1. GB  Healthy  Volume 5     G   Clear. Text      NTFS   Partition    5. GB  Healthy  Volume 6     H                       RAW    Partition    3. GB  Healthy. 6. Run vssadmin list providers and report back the result. C Windowssystem. Volume Shadow Copy Service administrative command line toolC Copyright 2. Microsoft Corp. Provider name Microsoft Software Shadow Copy provider 1. Provider type System   Provider Id b. Version 1. 0. 0. I also suggest you to modify the registry as follows Click Start, click Run, type regedit, and then click. OK. Locate and then click the following key in the registry HKEYLOCALMACHINESYSTEMCurrent. Control. SetServicesVol. Snap. On the Edit menu, point to New, and then click DWORD value. Type Min. Diff. Area. File. Size, and then press ENTER. On the Edit menu, click Modify. Type the size for example 1.