The US is blaming four Chinese military officers for the 2017 breach of credit reporting agency Equifax, in which the personal information of 145 million Americans was stolen.
On Monday, the Justice Department unsealed an indictment against four members of the Chinese People’s Liberation Army (PLA) and claimed the Equifax breach was a “state-sponsored” hack.
“Today, we hold PLA hackers accountable for their criminal actions, and we remind the Chinese government that we have the capability to remove the internet’s cloak of anonymity and find the hackers that nation repeatedly deploys against us,” US Attorney General William Barr said in a statement.
The indictment refrains from stating how federal investigators traced the intrusions back to the four Chinese military officers—named as Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei.
Their current whereabouts are unknown.
For now, the FBI has only issued a wanted poster for the four suspects, who allegedly work for China’s 54th Research Institute.
According to its website, the 54th Research Institute is focused on military communications and “telecommunication and information defense.” However, US federal officials claim the same institute is a component of the PLA.
If the allegations are true, it would mean the Chinese government has access to the names, dates of birth and Social Security numbers of 145 million Americans, making it easier for them to commit identity theft and other hacking crimes on half of the US populace.
Another 10 million Americans had their driver’s license numbers stolen in the breach.
“Unfortunately, the Equifax hack fits a disturbing and unacceptable pattern of state-sponsored computer intrusions and thefts by China and its citizens that have targeted personally identifiable information, trade secrets, and other confidential information,” Barr added.
According to federal investigators, Chinese state-sponsored hackers have been targeting companies across the US to steal intellectual property and other confidential information.
Last week, the FBI said the agency is currently conducting “about 1,000 investigations” into Chinese technology theft.
To fight back, federal investigators have resorted to a naming-and-shaming approach, as the hackers are often based in China, a country that refuses to extradite its own citizens to the US.
For example, last year federal investigators publicly charged a 32-year-old Chinese national with the 2015 data breach of the health insurance provider Anthem and issued a wanted poster for the suspect; that breach also exposed the personal records of 78.8 million people.
In the Equifax case, federal investigators claim the four PLA officers broke into Equifax’s servers by exploiting a publicly known vulnerability in the Apache Struts software that the credit agency had failed to patch.
From May 13 to July 30, 2017, the four suspects then allegedly accessed Equifax’s databases, ran queries for the desired information, and exfiltrated the data.
“In total, the attackers ran approximately 9,000 queries on Equifax’s system, obtaining names, birth dates and Social Security numbers for nearly half of all American citizens,” the Justice Department said.
To hide their activities, the hackers routed their connection to the Equifax servers via 34 servers based in nearly 20 countries.
However, federal investigators say they've uncovered evidence showing a majority of the 9,000 search queries into Equifax’s databases came from two China-based IP addresses.
The US is charging the four military officers with conspiracy to commit computer fraud, economic espionage, and wire fraud.
“This is not the end of our investigation; to all who seek to disrupt the safety, security and confidence of the global citizenry in this digitally connected world, this is a day of reckoning,” FBI Deputy Director David Bowdich said in today’s announcement.
China has repeatedly denied it carries out state-sponsored hacks.