The US accuses four members of the Chinese military of massive Equifax hacking

Attorney General William Barr Announces Cyber ​​Law Enforcement Measures

Washington – The Department of Justice has made allegations of abuse against four members of the Chinese military Hack in the credit agency Equifax and steal the personal information of millions of Americans in 2017.

"This was one of the largest data breaches in history," said Attorney General William Barr at a press conference on Monday. "The scale of the theft was staggering. As the indictment alleged, the hackers were given the names, dates of birth, and social security numbers of nearly 145 million Americans and driver's licenses of at least 10 million Americans."

The four accused are Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei, all of whom are members of the 54th Research Institute, a component of the Chinese People's Liberation Army, the prosecutors said. A federal grand jury in Atlanta returned the nine charges of computer fraud, industrial espionage, and cable fraud. The men have not been detained and are considered wanted by the FBI.

"This is the greatest theft of sensitive [personally identifiable information] "This indictment is also a reminder that China's attacks on our economy, cyber infrastructure, and citizens are one of the greatest threats to our national security." today."

Bowdich said there was no evidence that the stolen personal information was being used by millions of Americans, but he acknowledged that this could be possible in the future. Equifax settled a class action lawsuit over the break for more than $ 700 million in 2019.

Attorney General William Barr Announces Cyber ​​Law Enforcement Measures
A poster showing the four members of the Chinese military accused of hacking Equifax shortly after Attorney General William Barr held a press conference at the Washington Department of Justice on February 10, 2020.

Sarah Silbiger / Getty Images

Prosecutors in the indictment said the hackers exploited a vulnerability in a portal on the Equifax website to steal credentials used to access databases on the corporate network. Once on the network, the hackers searched databases for personal information and saved the results in files that were broken down into smaller pieces for more efficient downloading.

According to the indictment, the hackers used 34 servers in 20 countries to access the Equifax network and used existing encrypted communication channels to "blend in with normal network activity."

The hackers had access to the portal for the first time in May 2017 and, according to the indictment, continued to steal information from the Equifax databases until the end of July. The theft is economic espionage and theft of business secrets, the prosecutors said.

"The hackers have also stolen Equifax's trade secrets, which are reflected in the compiled data and complex database designs for storing personal information," said Barr. "These trade secrets were the result of decades of investment and hard work by the company."

The attorney general said the Equifax case has been consistent with China's "insatiable appetite" for personal information about Americans in recent years. He also said it was part of a much broader campaign to "steal American companies' intellectual property through" government-sponsored computer attacks. "

"Approximately 80% of our economic espionage efforts have affected the Chinese government, and approximately 60% of all trade secret theft cases in recent years have been related to China," said Barr.

The Trump administration has raised the alarm about the privacy practices of Chinese companies, especially the massive telecommunications company Huawei. The government blocked Huawei's access to the U.S. markets in 2019. The company posed a security risk as it could be forced to work with Chinese government surveillance orders. The United Kingdom last month ignored These warnings and the announcement that Huawei will provide devices for 5G networks in the country raise concerns about the exchange of information between the United States and the United Kingdom.

At a conference in Washington last week, Barr highlighted upcoming lawsuits against government-sponsored cyber attacks from China and warned of the threat of industrial espionage. FBI director Christopher Wray said the office had "conducted approximately 1,000 investigations into China's attempted theft of technology in all 56 field offices in the United States, in nearly all industries and sectors."

On Monday, Barr admitted that the US "does not normally file charges against members of the military or secret service of another country outside the US," but said that "indiscriminate theft" of information about individuals would not be tolerated.

In 2014, Attorney General Eric Holder filed charges against five Chinese military hackers for stealing business secrets against six American nuclear, metal, and solar companies. These allegations were the first to be made by the ministry for hacking crimes against state-sponsored actors.