Justice Department charges Chinese nationals over Equifax hack – CNET


The Justice Department is charging four Chinese nationals for allegedly hacking Equifax.


Photo by Jaap Arriens/NurPhoto via Getty Images

The US Justice Department on Monday charged four members of China’s People’s Liberation Army in connection with the Equifax hack, one of the largest data breaches in US history. 

The four alleged Chinese military hackers are listed as Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei, according to the indictment. They are charged with computer fraud, economic espionage and wire fraud. 

“This is the largest theft of sensitive [personally identifiable information] by state-sponsored hackers ever recorded,” FBI deputy director David Bowdich said at a press conference on Monday. 

The Chinese embassy didn’t immediately respond to a request for comment. 


The four alleged hackers behind the Equifax hack.


FBI

This is only the second time the Justice Department has indicted Chinese military hackers, Bowdich said. The first time was in 2018, when the US charged Chinese hackers with theft from NASA and the technology sector.

In a statement, Equifax’s CEO Mark Begor thanked the Justice Department for its investigation, and said that protecting companies from hacks “from well-financed nation-state actors that operate outside the rule of law is increasingly difficult.” 

“It is reassuring that our federal law enforcement agencies treat cybercrime – especially state-sponsored crime – with the seriousness it deserves, and that the Justice Department is committed to pursuing those who target U.S. consumers, businesses and our government,” Begor said. “The attack on Equifax was an attack on U.S. consumers as well as the United States.”

The 2017 cyberattack on Equifax affected 147.7 million Americans, and the hackers got access to names, Social Security numbers, birthdates and addresses. In July 2019, the credit-monitoring agency settled with the Federal Trade Commission to pay at least $575 million over its security failures.  

“This data has economic value and these thefts can feed China’s development of artificial intelligence tools as well as the creation of intelligence-targeting packages,” Attorney General William Barr said.

At the time the hack was revealed, Equifax’s then-CEO Rick Smith blamed a months-old server flaw that the company failed to patch. According to the indictment, the four hackers took advantage of the unpatched vulnerability and infiltrated Equifax’s servers on July 30, 2017. 

Once they had access to Equifax’s networks, the hackers allegedly stole login credentials and sensitive personally identifiable information on Equifax’s databases, as well as trade secrets, according to court documents. Prosecutors said the Chinese military hackers attempted to cover their tracks by using about 34 servers located in nearly 20 countries, including hosting services outside of China. 

Court documents claimed that the alleged hackers also used encrypted communications within Equifax’s network to blend in with the company’s normal activities. 

Barr said the Justice Department normally doesn’t bring charges against military officers of another country, but noted that there were exceptions, as in Equifax’s case. 

“Equifax’s cooperation throughout the investigation was critical to our development throughout this case,” Barr said. 

Originally published at 7:10 a.m. PT.
Updated at 7:23 a.m. PT: To include more details on the alleged hackers.
Updated at 7:34 a.m. PT: To add details from the indictment. 
Updated at 8:18 a.m. PT: To include statement from Equifax. 



source: cnet.com