Prosecutors in the US Justice Department have charged four members of the Chinese People’s Liberation Army for their role in the Equifax data breach – one of the largest cyber security hacks in US history.
Among those charged with the breaking into Equifax’s IT infrastructure in 2017, are Chinese nationals Wu Zhiyong, Wang Qian, Xu Ke, Liu Lei, the indictment reveals. Each now faces charges of economic espionage, wire fraud and computer fraud.
At a press conference today, deputy director at the FBI, David Bowdich, described the initial crime as “the largest theft of sensitive PII by state-sponsored hackers ever recorded.”
“American business cannot be complacent about protecting their data,” he added.
The Equifax data breach enabled online criminals to get their hands on the private information of nearly 147 million US citizens, with birth dates and social security numbers among the data compromised.
Last month, the credit ratings agency agreed to pay $380.50 million to settle lawsuits following court sessions in Atlanta, Georgia, where a federal judge announced the money would be deposited in to a fund through which members of a class action lawsuit against Equifax can claim up to $20,000 in compensation each.
Bowdich went on to explain how this is the second time the Justice Department has singled out state-sponsored hackers from China. The last time was in 2018, when Chinese individuals were charged with a theft from NASA.
In an official statement preceding the Equifax case, Attorney General William P. Barr said the Chinese hackers were responsible for “a deliberate and sweeping intrusion into the private information of the American people.”
“This data has economic value and these thefts can feed china’s development of artificial intelligence tools as well as the creation of intelligence targeting packages,” Barr said.
When the Equifax data breach was initially discovered, an unpatched server was blamed. The indictment describes how the hackers broke in through the vulnerability to gain access to Equifax servers at the end of July 2017.
Once security had been compromised, the hackers are said to have stolen login details, sensitive data, and trade secrets. The perpetrators allegedly tried to hide their activities by using 34 servers located in 20 other countries. Encrypted communications within Equifax’s IT systems were used to execute commands while hiding within the firm’s standard operations.
None of the hackers is in police hands, The Washington Post reports, and US officials are not optimistic of any of them coming to the States to stand trial. However, it is hoped that the formal prosecution will serve as a warning to cyber-criminals in future.
“We can’t take them into custody, try them in a court of law, and lock them up — not today, anyway. But one day, these criminals will slip up, and when they do, we’ll be there,” Bowdich said.