Chinese Military Personnel Charged with Equifax Hack

The US has indicted Chinese military personnel today on charges of hacking into Equifax's computer systems and stealing valuable trade secrets and the personal data of nearly 150 million Americans.

A federal grand jury in Atlanta, Georgia, returned the indictment last week against four members of the Chinese People's Liberation Army (PLA). Wu Zhiyong (吴志勇), Wang Qian (王乾), Xu Ke (许可), and Liu Lei (刘磊) are accused of conspiring to carry out a three-month-long data heist.

According to the nine-count indictment, the defendants exploited a vulnerability in the Apache Struts Web Framework software used by Equifax’s online dispute portal to gain unauthorized access to the credit reporting agency's computer system. 

Once inside, the quartet allegedly ran around 9,000 queries on Equifax's system from May to July 2017, obtaining names, dates of birth, and Social Security numbers for nearly half of America's citizens. 

To obfuscate their location, the defendants allegedly routed traffic through approximately 34 servers located in nearly 20 countries and used encrypted communication channels within Equifax’s network to blend in with normal network activity.

The indictment further alleges that to cover their tracks, the defendants deleted compressed files and wiped log files on a daily basis throughout the prolonged cyber-attack. 

"Today, we hold PLA hackers accountable for their criminal actions, and we remind the Chinese government that we have the capability to remove the Internet’s cloak of anonymity and find the hackers that nation repeatedly deploys against us," said Attorney General William P. Barr.

"Unfortunately, the Equifax hack fits a disturbing and unacceptable pattern of state-sponsored computer intrusions and thefts by China and its citizens that have targeted personally identifiable information, trade secrets, and other confidential information."

The defendants are charged with three conspiracy counts: conspiracy to commit computer fraud, conspiracy to commit economic espionage, and conspiracy to commit wire fraud. They are further charged with two counts of unauthorized access and intentional damage to a protected computer, one count of economic espionage, and three counts of wire fraud.

The accused are all members of the PLA's 54th Research Institute, a component of the Chinese military. 

FBI Deputy Director David Bowdich said: "Today’s announcement of these indictments further highlights our commitment to imposing consequences on cybercriminals no matter who they are, where they are, or what country’s uniform they wear."
