On February 10, 2020 Attorney General William P. Barr charged four members of the Chinese military with the 2017 hack of credit rating agency Equifax

The Justice Department has charged four members of the Chinese military with a 2017 hack at the credit reporting agency Equifax, a massive data breach that compromised the personal information of nearly half of all Americans.

In a nine-count indictment filed in federal court in Atlanta, federal prosecutors alleged that four members of the People’s Liberation Army hacked into Equifax’s systems, stealing the personal data as well as company trade secrets. Attorney General William P. Barr called their efforts “a deliberate and sweeping intrusion into the private information of the American people.”

The 2017 breach gave hackers access to the personal information, including Social Security numbers and birth dates, of about 145 million people. Equifax last year agreed to a $700 million settlement with the Federal Trade Commission to compensate victims. Those affected can ask for free credit monitoring or, if they already have such a service, a cash payout of up to $125, although the FTC has warned that a large volume of requests could reduce that amount.

At a news conference announcing the indictment, Barr said China has a “voracious appetite” for Americans’ personal information and pointed to other intrusions that he alleged have been carried out by Beijing’s actors in recent years, including hacks in 2015 of the health insurer Anthem and the Office of Personnel Management, as well as a 2018 hack of the hotel chain Marriott.

“This data has economic value, and these thefts can feed China’s development of artificial intelligence tools,” Barr said. The attorney general said the indictment would hold the Chinese military “accountable for their criminal actions.”

Barr and other U.S. law enforcement officials in recent weeks have taken a particularly aggressive posture toward China. Late last week, Barr warned of that country’s bid to dominate the burgeoning 5G wireless market and said the United States and its allies must “act collectively” or risk putting “their economic fate in China’s hands.”

Those charged with the Equifax hack are Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei. Officials said they were members of the PLA’s 54th Research Institute. Read the indictment: U.S. v. Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei

Those charged with the Equifax hack are Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei. Officials said they were members of the PLA’s 54th Research Institute.

Officials said the hackers also took steps to cover their tracks, routing traffic through 34 servers in 20 countries to hide their location, using encrypted communication channels and wiping logs that might have given away what they were doing.

According to the indictment, in March 2017, a software firm announced a vulnerability in one of its products, but Equifax did not patch the vulnerability on its online dispute portal, which used that particular software. In the months that followed, the Chinese military hackers exploited that unrepaired software flaw to steal vast quantities of Equifax’s files, the indictment charges.

The case marks the second time the Justice Department has unsealed a criminal indictment against PLA hackers for targeting U.S. commercial interests. In 2014, the Obama administration announced an indictment against five suspected PLA hackers for allegedly breaking into the computer systems of a host of American manufacturers.

Source:  The Washington Post

Editorial Comment:  ‘The cat is out of the bag’!  It was always a great mistery about the motives and origins of the Equifax data breach.  Experts said that none of the data has appeared on the dark net.  Nobody seem to have put up the data for sale.  Therefore, the speculation was that it could have been a foreign actor who engineered the breach.  Now we know and everybody wonders how the Justice Department found out the location and names of the hackers.   To read more click on this link