4 Chinese military personnel indicted for Equifax breach

On January 28, a federal grand jury in Atlanta indicted 4 Chinese military personnel for hacking into the credit reporting agency Equifax between at least May and June 2017 and for stealing Americans’ personal data and Equifax’s trade secrets. The four men — Wang Qian, Xu Ke, Liu Lei and Wu Zhiyong — are members of the 54th Research Institute of the People’s Liberation Army (PLA), that is, the Chinese armed forces, according to the US Department of Justice and the FBI.

What happened? In March 2017, a vulnerability (CVE-2017-9805) was disclosed in the Apache Struts web framework, open-source web-application software that Equifax used for its online dispute portal. The vulnerability allowed attackers to remotely execute code on the targeted web application. Along with the disclosure, the Apache Software Foundation also released a patch for the vulnerability. Equifax reportedly ignored both. As a result, roughly between March 13, 2017 and July 30, 2017, personally identifiable information (PII) of around 145 million Americans was leaked, Equifax disclosed in September 2017.

What kind of data got leaked? According to the indictment, names, birth dates and social security numbers (SSNs) of around 145 million Americans, driving licence numbers of at least 10 million Americans, and credit card numbers of about 200,000 Americans were collected by hackers. PII of nearly a million UK and Canadian citizens was also harvested.

“[I]n a single breach, the PLA obtained sensitive personally identifiable information for nearly half of all American citizens.” — Indictment

Modus operandi: The 4 indicted personnel were residents of Beijing at the time and exploited this vulnerability to gain access to Equifax’s network.

  1. Reconnaissance: The 4 indicted Chinese nationals used this vulnerability as a foothold to conduct reconnaissance of Equifax’s online dispute portal and to obtain login credentials to navigate Equifax’s network, according to the indictment. By running SQL queries, the indicted individuals identified Equifax’s database structure and searched for sensitive PII within the system.
  2. Exfiltration outside the US: After accessing files of interest, they downloaded and exfiltrated the data from Equifax networks to computers outside the US. Through about 9,000 queries, they obtained names, birth dates and social security numbers of around 145 million Americans, the indictment says.
    • Evading detection: To avoid detection, they routed traffic through approximately 34 servers in nearly 20 countries to obfuscate their true location, used encrypted communication channels within Equifax’s network to blend in, and deleted compressed files and log files on a daily basis.

“While doing this, the hackers also stole Equifax’s trade secrets, embodied by the compiled data and complex database designs used to store the personal information,” the US Attorney General William Barr said in his remarks.

What have they been charged with? They have been indicted on 9 counts:

  1. Three counts of conspiracy to commit computer fraud, conspiracy to commit economic espionage, and conspiracy to commit wire fraud
  2. Two counts of unauthorised access and intentional damage to a protected computer
  3. One count of economic espionage
  4. Three counts of wire fraud.

‘Other Chinese illegal acquisitions of sensitive personal data’: Barr said that this attack was on par with “China’s voracious appetite for the personal data of Americans” which has included the theft of personnel records from the US Office of Personnel Management, the intrusion into Marriott hotels, and Anthem health insurance company.

The Chinese state is sponsoring attacks on American companies: Barr said that cases in the US revealed “a pattern of state-sponsored computer intrusions and thefts by China targeting trade secrets and confidential business information”. One such group is known as APT 10, which allegedly worked in association with the Chinese Ministry of State Security to target managed service providers and their clients worldwide across industries.

“Indeed, about 80 percent of our economic espionage prosecutions have implicated the Chinese government, and about 60 percent of all trade secret theft cases in recent years involved some connection to China.” — William Barr, US Attorney General

Written By

Send me tips at aditi@medianama.com. Email for Signal/WhatsApp.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
