The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

U.S. Indicts Four Chinese Military Members for Equifax Hack

by Chris Brook on Tuesday February 11, 2020

Contact Us
Free Demo
Chat

In charging four Chinese nationals with 2017's Equifax hack this week, the DOJ also said intellectual property - Equifax's own trade secrets - were stolen as part of the hack.

The U.S. Department of Justice, in yet another public condemnation of foreign hacking, attributed 2017's massive Equifax hack to four Chinese military hackers on Monday.

The hackers, who the DOJ said were acting on behalf of the Chinese People's Liberation Army, secured access to and exfiltrated data - much of it sensitive - for 145 million Americans over the course of several weeks that summer.

According to the DOJ, four members of the PLA, Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei, worked together to break into Equifax's networks, gain persistence, and steal personally identifiable information.

To recap, as part of the breach, in addition to names, birth dates, and social security numbers, hackers also made off with driver's license numbers for at least 10 million Americans, credit card numbers and PII belonging to 200,000 Americans, in addition to PII on roughly one million individuals residing in United Kingdom and Canada. A House Oversight Committee report in 2018 famously said the breach could have been prevented had the company overcome the shortcomings in its IT systems.

While the nine-count indictment covers a lot of information already made public - the fact the hackers exploited a vulnerability in the Apache Struts Web Framework, that it took the attackers 9,000 database queries to get the data they were after, etc. - the charges are the first instance of public attribution the U.S. government has made around the attack.

According to the indictment, to hide their tracks the attackers routed traffic through 34 servers in 20 countries, used encrypted communication channels to blend in with the usual network activity, and erased compressed files and log files regularly.

The indictment also charges the four individuals with stealing trade secret information, in particular Equifax's data compilations and database designs – materials the court document claims had been developed over decades.

“In short, this was an organized and remarkably brazen criminal heist of sensitive information of nearly half of all Americans, as well as the hard work and intellectual property of an American company, by a unit of the Chinese military,” Barr said at a press conference announcing the charges Monday morning.

The hack, against one of the nation's largest credit reporting agencies, is yet another feather in China's cap; it joins other hacks attributed to China, including the Office of Personnel Management, Marriott International, and insurance company Anthem.

While attribution is important, Equifax's own missteps leading up to the attack cannot be wiped from the history books. The hackers still targeted a known security vulnerability - the Struts vulnerability was announced on March 7, 2017 - that Equifax left unpatched for more than six weeks.

The indictment almost came down like clockwork, mere days after U.S. Attorney General William Barr announced that federal prosecutors were readying new charges against Chinese nationals around hacking and insider threats. Barr made the claim during a speech at the Center for Strategic and International Studies in Washington, D.C. on Thursday.

"Chinese theft by hacking has continued, and you should expect more indictments and prosecutions in the future," Barr said at at the China Initiative Conference, a government event designed to highlight the severity around China's theft of IP.

At the conference, FBI Director Christopher Wray reiterated that the FBI is still looking into around 1,000 cases involving Chinese IP theft "spanning just about every industry and sector." The figure is consistent with a statement made by Wray last summer.

“There is no country that poses a more severe counter-intelligence threat to this country right now than China … and I don’t say it lightly,” Wray told the US Senate Judiciary Committee in July.

Tags: undefined

Recommended Resources


  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
  • The Five Stages of Threat Hunting
  • A Proactive Approach to Threat Hunting
  • Expert Tips

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.