View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 10, 2020updated 11 Feb 2020 10:38am

Equifax Hack: US Indicts PLA

Equifax's "antiquated" IT systems made the hack easy...

By CBR Staff Writer

The United States Department of Justice (DoJ) has indicted four members of China’s People’s Liberation Army (PLA) for the 2017 date hacking of credit reporting agency Equifax — an incident which led to the exposure of personal data belonging to 143 million people, including 15.2 million in the UK.

The nine-count indictment names Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei as members of the PLA’s 54 Research Institute, a component of the Chinese military. It says they conducted an “organized and remarkably brazen criminal heist of sensitive information of nearly half of all Americans, as well as the hard work and intellectual property of an American company.”

Equifax Hack a “Sweeping Intrusion”

“This was a deliberate and sweeping intrusion into the private information of the American people,” said Attorney General William Barr.

““Today, we hold PLA hackers accountable for their criminal actions, and we remind the Chinese government that we have the capability to remove the Internet’s cloak of anonymity and find the hackers that nation repeatedly deploys against us. Unfortunately, the Equifax hack fits a disturbing and unacceptable pattern of state-sponsored computer intrusions and thefts by China and its citizens that have targeted personally identifiable information, trade secrets, and other confidential information.”

The four exploited a vulnerability in the Apache Struts Web Framework software used by Equifax’s online dispute portal. They used this access to conduct reconnaissance of Equifax’s online dispute portal and to obtain login credentials that could be used to further navigate Equifax’s network.

To evade detection, they allegedly routed traffic through “approximately 34 servers located in nearly 20 countries to obfuscate their true location, used encrypted communication channels within Equifax’s network to blend in with normal network activity, and deleted compressed files and wiped log files on a daily basis in an effort to eliminate records of their activity” the DoJ said.

Earlier reports suggest their task may not have been particularly challenging. A late-2018 report by the US House of Representatives’ Oversight Committee noted that “Equifax did not see the data exfiltration because the device used to monitor ACIS network traffic had been inactive for 19 months due to an expired security certificate” (one of 300 left to expire).

Content from our partners
Why email is still the number one threat vector
Why HR must take firm steps to become a more data-driven function
Why enterprises of all sizes must  embrace smart manufacturing solutions

That report added: “Equifax ran a number of its most critical IT applications on custom-built legacy systems. Both the complexity and antiquated nature of Equifax’s IT systems made IT security especially challenging.”

The defendants are charged with three counts of conspiracy to commit computer fraud, conspiracy to commit economic espionage, and conspiracy to commit wire fraud. The defendants are also charged with two counts of unauthorized access and intentional damage to a protected computer, one count of economic espionage, and three counts of wire fraud.

The investigation was conducted jointly by the U.S. Attorney’s Office for the Northern District of Georgia, the Criminal and National Security Divisions of the Department of Justice, and the FBI’s Atlanta Field Office. The FBI’s Cyber Division also provided support. Equifax cooperated fully and provided valuable assistance in the investigation.

See also: Damning Report on Equifax Security Failures is a Lesson for all Enterprises

 

 

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED

THANK YOU