US indicts four Chinese military members over Equifax hacking
pixelcreatures / Pixabay
US indicts four Chinese military members over Equifax hacking

US Attorney General William Barr announced on Monday the indictment of four members of the Chinese military charged with hacking into the computer systems of credit reporting agency Equifax and exposing nearly half of Americans’ personal data in 2017.

Wu Zhiyong (吴志勇), Wang Qian (王乾), Xu Ke (许可) and Liu Lei (刘磊) were each members of the Chinese military’s 54th Research Institute where they allegedly performed the attacks through state-sponsored computer intrusions and thefts targeting trade secrets and confidential business information. According to Barr, the attackers ran approximately 9,000 queries on Equifax’s system, obtaining names, birth dates and social security numbers for 150 million Americans.

“For years, we have witnessed China’s voracious appetite for the personal data of Americans, including the theft of personnel records from the U.S. Office of Personnel Management, the intrusion into Marriott hotels, and Anthem health insurance company, and now the wholesale theft of credit and other information from Equifax.” Barr added, “About 80 percent of our economic espionage prosecutions have implicated the Chinese government, and about 60 percent of all trade secret theft cases in recent years involved some connection to China.”

According to a press release from US Attorney Byung “BJay” Pak of the Northern District of Georgia, which brought the indictment, “[The defendants] routed traffic through approximately 34 servers located in nearly 20 countries to obfuscate their true location, used encrypted communication channels within Equifax’s network to blend in with normal network activity, and deleted compressed files and wiped log files on a daily basis in an effort to eliminate records of their activity.”

The defendants are charged with three counts of conspiracy to commit computer fraud, conspiracy to commit economic espionage and conspiracy to commit wire fraud. The defendants are also charged with two counts of unauthorized access and intentional damage to a protected computer, one count of economic espionage and three counts of wire fraud.