This post has been read 48 times!
The US Justice Department has pinned 2017’s Equifax hack on four members of China’s People’s Liberation Army, indicting the quartet on charges related to the breach that exposed the data of 150 million Americans.
One of the largest and most notorious hacks in US history has been traced to four Chinese military hackers, according to an indictment announced Monday by US Attorney General William Barr. Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei – employees of the PLA’s 54th Research Institute – have all been charged with conspiracy to commit computer fraud, conspiracy to commit economic espionage, and conspiracy to commit wire fraud.
Barr slammed the “deliberate and sweeping intrusion into the private information of the American people” in a statement, warning Beijing that “we have the capability to remove the Internet’s cloak of anonymity and find the hackers [China] repeatedly deploys against us.”
Stealing “sensitive personally identifiable information for nearly half of all American citizens” apparently wasn’t serious enough for the Justice Department, which classified the data and the way in which it was stored in Equifax’s database as ultra-valuable “trade secrets” in its indictment, justifying the economic espionage charge.
The charging document also admits that the Apache software vulnerability that allowed the hackers to access that data was discovered by the US Computer Emergency Readiness Team two months before the first hacker allegedly breached the server, but Equifax failed to patch it.
While FBI deputy director David Bowdich admitted to reporters that there was no evidence that the Equifax data had been weaponized or indeed used in any way, he deplored the American public’s gradual acclimatization to an endless parade of data breaches.
“We’ve almost become, as a country, immune to these breaches,” but “we cannot think like that,” he said during a press conference on Monday. “American businesses cannot be complacent about protecting their data and intellectual property from our adversaries. American citizens cannot be complacent about protecting their sensitive data.”
How exactly American citizens are supposed to respond when the company charged with protecting their sensitive data fails to do so, Bowdich did not explain.
The indictments are a major public relations coup for an administration eager to paint China as the bogeyman. The Equifax breach has become the most expensive hack of a corporation in history, with costs eclipsing half a billion dollars since some 150 million Americans had their private data exposed in 2017.
The hack was particularly damaging because as a credit-reporting agency, Equifax’s databases hosted more than the usual names, addresses, and birthdates – social security numbers, drivers’ license numbers, and credit card numbers were also exposed to varying degrees, putting victims at serious risk of identity theft.
Nor were Americans alone affected, as “nearly a million citizens of the United Kingdom and Canada” also had their data exposed, according to the indictment.
It remains unclear how the DOJ concluded that four members of the Chinese military were responsible, whether they were supposedly acting on their own or on state orders, or how it intends to bring them to a US court.