The Justice Department has charged people possibly responsible for the data breach that exposed data of nearly half of all Americans
Credit reporting agency Equifax got hacked back in 2017 when personal and financial data of almost 150 million Americans was breached.[1] Four members of the Chinese military were charged for breaking into the computer network of Equifax and stealing personal data of their customers. This state-sponsored hacking campaign, according to the Attorney General William Barr and FBI Deputy Director David Bowdich, was the largest case uncovered.[2]
This theft not only caused significant financial damage to Equifax, but invaded the privacy of many millions of Americans, and imposed substantial costs and burdens on them as they have had to take measures to protect against identity theft.
Wu Zhiyong (吴志勇), Wang Qian (王乾), Xu Ke (许可) and Liu Lei (刘磊) – the accused military members have been involved in stealing intellectual property and secrets from several other U.S businesses throughout the recent years. The Justice Department blames Beijing for one of the largest hacking campaigns targeting consumer data in history. Attacks using intelligence-gathering methods, that involve China’s government, become increasingly more aggressive and sophisticated.
China denies any involvement following the accusations
After the accusations of the hacking activities and official indictment of four members of the Chinese military, the country denied any involvement, claiming that China is also a victim of such attacks.[3] Geng Shuang – foreign ministry spokesman said that China is not engaging in any cyberattacks involving theft of trade secrets. The official also accused the U.S government of engaging in such spying activities on foreign governments, individuals, and institutions.
However, Chinese hackers have been involved in breaches and hacking attacks on American corporations, chains, and government institutions before this breach was discovered. The administration of the U.S president already warned citizens about the suspicious China activities, cybersecurity, and surveillance risks.[4]
AG Barr stated in the press conference:
80 percent of our economic espionage prosecutions have implicated the Chinese government, and about 60 percent of all trade secret theft cases in recent years involved some connection to China.
Data collected by hackers can be easily used to target U.S government officials, exploit vulnerabilities, spy on and blackmail people. The FBI and other agencies haven’t found such examples yet, but don’t rule the possibilities of these incidents in the future.
What is known about the 2017 Equifax breach
The attackers accessed a computer network of the company and obtained names, birthdays, social security numbers, and other financial and personal information of 145 million citizens, that was found on the Equifax’s databases. The single breach affected nearly half of Americans, including credit card numbers, and PII of 200,000 consumers, data of million customers from the UK, and Canada. Equifax had to pay a massive fine due to the incident.[5]
In addition to hacking the network, attackers also exploited the Apache Struts framework vulnerability that allowed them to hack the online dispute portal and move through the system for weeks, stealing credentials and planting malware on devices in the meantime. These Chinese hackers also managed to evade detection of their intrusion because they rerouted the traffic via 34 servers located in 20 different countries, so the location remained undisclosed.
The defendants were charged with three counts of conspiracy to commit economic espionage, computer fraud, and wire fraud, as well as two counts of unauthorized access and intentional damage to a protected computer, three counts of wire fraud, one count of espionage.[6]