Four Chinese military hackers from the People’s Liberation Army have been charged with hacking into the networks of the Equifax consumer credit reporting agency and stealing personal information of nearly 150 million Americans, the Justice Department announced on Monday.
Significantly, the four Chinese intelligence officers are also accused of plundering Equifax’s trade secrets, law enforcement officials said.
The individuals indicted in the Equifax hack are Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei. Government officials stated that the hackers were members of the 54th Research Institute which is a part of the People’s Liberation Army.
The accused intelligence officers exploited a software vulnerability that permitted them to acquire login credentials and navigate the corporation’s network to search for sensitive data.
The accused hackers reside in China and none are currently detained. Nevertheless, American government officials perceive the criminal charges as a robust deterrent to foreign adversaries and caution to other nations that American law enforcement possesses the ability to identify hackers hiding behind a keyboard.
“Today, we hold PLA hackers accountable for their criminal actions, and we remind the Chinese government that we have the capability to remove the Internet’s cloak of anonymity and find the hackers that nation repeatedly deploys against us,” Attorney General William Barr announced in a statement Monday.
Chinese military hackers have ramped up espionage-related hacking in recent years. In the past, The Justice Department indicted two Chinese hackers involved in the Anthem data breach.
“At the FBI we’ve been saying for years that China will do anything it can to replace the United States as the world’s leading superpower,” FBI Deputy Directory David Bowdich said. “This indictment is about more than targeting just an American business. It’s about the brazen theft of sensitive personal information of nearly 150 million Americans.”
The indictment specifies the efforts the military hackers deployed to conceal their digital tracks, including routing traffic through 34 servers in 20 nations to mask their location, deleting log files on a daily basis, and employing encrypted communication channels.
Initially, Equifax overlooked the hackers targeting its databases for more than six weeks. Foreign intelligence officers exploited a well-known web security vulnerability that Equifax had not patched.
According to the Government Accountability Office, a server that was hosting Equifax’s online dispute portal was running software with a known vulnerability. The military hackers were able to obtain sensitive databases that contained users’ personal information.
Equifax officials informed the Government Accountability Office that the corporation made several mistakes, comprising the possession of an obsolete list of computer system administrators.
Once the corporation distributed a notice to install a patch for the software vulnerability, the employees accountable for installing the patch failed to do so.
“We can’t take them into custody, try them in a court of law, and lock them up — not today, anyway,” Bowdich stated. “But one day, these criminals will slip up, and when they do, we’ll be there.”