US Indicts Four Chinese Military Officers For Equifax Hack
Tom Burroughes
11 February 2020
Exploiting vulnerability
The saga of how 147 million people were hit in 2017 by the hacking attack on credit rating firm Equifax took another twist yesterday. The US Department of Justice has indicted four members of China’s People’s Liberation Army over the attack.
It is one of several attacks that have shaken sectors such as wealth management, forcing cybersecurity up the agenda for organizations such as family offices, advisors, private banks and investment houses. The hack mostly affected Americans, but reports said that some Canadians and UK persons were also affected.
A federal grand jury in Atlanta returned an indictment last week charging four members of the Chinese People’s Liberation Army with hacking into the computer systems of the credit reporting agency Equifax and stealing Americans’ personal data and Equifax’s valuable trade secrets, the DOJ said in a statement on February 10.
The nine-count indictment alleges that Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei were members of the PLA’s 54th Research Institute, a component of the Chinese military.
“They allegedly conspired with each other to hack into Equifax’s computer networks, maintain unauthorized access to those computers, and steal sensitive, personally identifiable information of approximately 145 million American victims,” the DOJ’s statement said.
Attacks on other institutions, ranging from JP Morgan through to Germany’s rail network in recent years, have fueled fear of cybercrime. Professional services firm Accenture puts the cost of cybersecurity to the global economy at $5.2 trillion over the next five years.
“This was a deliberate and sweeping intrusion into the private information of the American people,” Attorney General William P Barr, who made the announcement, said. “Today, we hold PLA hackers accountable for their criminal actions, and we remind the Chinese government that we have the capability to remove the internet’s cloak of anonymity and find the hackers that nation repeatedly deploys against us. Unfortunately, the Equifax hack fits a disturbing and unacceptable pattern of state-sponsored computer intrusions and thefts by China and its citizens that have targeted personally identifiable information, trade secrets, and other confidential information.”
According to the indictment, the defendants exploited a vulnerability in the Apache Struts Web Framework software used by Equifax’s online dispute portal. They used this access to conduct reconnaissance of Equifax’s online dispute portal and to obtain login credentials that could be used to further navigate Equifax’s network, the statement continued.
The defendants spent several weeks running queries to identify Equifax’s database structure and searching for sensitive, personally identifiable information within Equifax’s system. Once they accessed files of interest, they stored the stolen information in temporary output files, compressed and divided the files, and ultimately were able to download and remove data from Equifax’s network to computers outside the US.
In total, the attackers ran approximately 9,000 queries on Equifax’s system, obtaining names, birth dates and social security numbers for nearly half of all American citizens. China has denied the allegations and insisted it does not engage in cyber-theft.
Equifax welcomed the DOJ’s actions and those of the Federal Bureau of Investigation.
“We are grateful to the Justice Department and the FBI for their tireless efforts in determining that the military arm of China was responsible for the cyberattack on Equifax in 2017. It is reassuring that our federal law enforcement agencies treat cybercrime – especially state-sponsored crime – with the seriousness it deserves, and that the Justice Department is committed to pursuing those who target US consumers, businesses and our government. The attack on Equifax was an attack on US consumers as well as the United States,” CEO Mark W Begor said.
“Cybercrime is one of the greatest threats facing our nation today, and it is an ongoing battle that every company will continue to face as attackers grow more sophisticated. Combating this challenge from well-financed nation-state actors that operate outside the rule of law is increasingly difficult. Fighting this cyberwar will require the type of open cooperation and partnership between government, law enforcement and private business that we have experienced first-hand,” Begor said.
“We are spending an incremental $1.25 billion between 2018 and 2020 on enhanced security and technology as part of our EFX 2020 cloud technology transformation, and we have made tremendous progress toward embedding security into everything we do,” he added.