On Monday morning, U.S. Attorney General William P. Barr charged four members of the Chinese military as the culprits behind the 2017 Equifax data breach, one of the largest hacks in history to target consumer data.
The breach affected more than 145 million people. The hackers stole names, addresses, Social Security and driver’s license numbers, and other personal information stored in the company’s databases.
In its nine-count indictment, the U.S. Department of Justice (DOJ) alleged, after a years-long investigation, that Wang Qian, Xu Ke, Liu Lei, and Wu Zhiyong, all members of China’s military arm, the People’s Liberation Army (PLA), were the hackers, according to WIRED.
The Defendants are charged under the Computer Fraud and Abuse Act with three counts of conspiracy to commit computer fraud, conspiracy to commit economic espionage, and conspiracy to commit wire fraud. The Defendants are also charged with two counts of unauthorized access and intentional damage to a protected computer, one count of economic espionage, and three counts of wire fraud.
According to the indictment, the Defendants exploited a vulnerability in the Apache Struts Web Framework software used by Equifax’s online dispute portal. They then used this access, without authorization, to conduct reconnaissance of Equifax’s online dispute portal and to obtain login credentials that could be used to further navigate Equifax’s network.
The Defendants then spent several weeks running queries to identify Equifax’s database structure and searching for sensitive, personally identifiable information within Equifax’s system. Once they accessed files of interest, the conspirators stored the stolen information in temporary output files, compressed and divided the files, and ultimately were able to download and exfiltrate the data from Equifax’s network to computers outside the U.S. ... like China.
From the reports, the Defendants ran approximately 9,000 queries on Equifax’s system, obtaining names, birth dates, and Social Security numbers for nearly half of all American citizens. Congratulations, each and every one of us is on China’s radar ... literally.
While the four charged men have not yet been arrested, they are believed to still be living in China.
Why We Should Be Concerned About China’s Involvement
In cases of data breaches, typically we as consumers are concerned with random charges on our credit card bills, phishing, and other forms of social engineering designed to deplete our financial wealth.
However, in this instance, U.S. consumers have something much bigger to worry about. The overarching fear for U.S. security officials is that Chinese spies could put together vast databases containing personal information about U.S. citizens.
“This kind of attack on American industry is of a piece with other Chinese illegal acquisitions of sensitive personal data,” U.S. Attorney General William Barr said at a press conference announcing the charges. “For years we have witnessed China’s voracious appetite for the personal data of Americans.”
This, however, is not the first time the U.S. has charged members of the PLA with hacking U.S. companies. Back in 2014, the U.S. issued its first indictment. Now, it’s just a matter of time (hopefully) before we bring these men to justice.
“Today we hold PLA hackers accountable for their criminal actions, and we remind the Chinese government that we have the capability to remove the internet’s cloak of anonymity and find the hackers that nation repeatedly deploys against us.”
U.S. Attorney General William Barr II
Of course, China has since denied the charges associated with the Equifax data breach, with China’s foreign ministry spokesman Geng Shuang making his statement to the Associated Press:
“We firmly oppose and combat cyberattacks of any kind. China is a staunch defender of cybersecurity. The Chinese government, military and relevant personnel never engage in cyber theft of trade secrets.”
Barr linked China to data breaches at the U.S. Office of Personnel Management in 2015, the Marriott hotel chain in 2018 and Anthem health-insurance company in 2015, according to MarketWatch — “and now the wholesale theft of credit and other information from Equifax,” Barr added.
This, unfortunately, is just the beginning. To all of us, stay vigilant.
“[Monday’s] announcement of these indictments further highlights our commitment to imposing consequences on cybercriminals no matter who they are, where they are, or what country’s uniform they wear,” said FBI Deputy Director David Bowdich.
“The size and scope of this investigation, affecting nearly half of the U.S. population, demonstrates the importance of the FBI’s mission and our enduring partnerships with the Justice Department and the U.S. Attorney’s Office. This is not the end of our investigation; to all who seek to disrupt the safety, security and confidence of the global citizenry in this digitally connected world, this is a day of reckoning.”