DOJ: Chinese military broke into Equifax computers, stole personal data of millions of Americans – AG: ‘The scale of the theft was staggering’

Attorney General William Barr speaks during a news conference, Monday, Feb. 10, 2020, at the Justice Department in Washington, as Principal Associate Deputy Attorney General Seth Ducharm looks on. Four members of the Chinese military have been charged with breaking into the networks of the Equifax credit reporting agency and stealing the personal information of tens of millions of Americans, the Justice Department said Monday, blaming Beijing for one of the largest hacks in history. (AP Photo/Jacquelyn Martin)

By ERIC TUCKER and MICHAEL BALSAMO Associated Press, WASHINGTON (AP) 02/10 — Four members of the Chinese military have been charged with breaking into the computer networks of the Equifax credit reporting agency and stealing the personal information of tens of millions of Americans, the Justice Department said Monday, blaming Beijing for one of the largest hacks in history to target consumer data.

The hackers in the 2017 breach stole the personal information of roughly 145 million Americans, collecting names, addresses, Social Security and driver’s license numbers and other data stored in the company’s databases. The intrusion damaged the company’s reputation and underscored China’s increasingly aggressive and sophisticated intelligence-gathering methods.

“The scale of the theft was staggering,” Attorney General William Barr said Monday in announcing the indictment. “This theft not only caused significant financial damage to Equifax, but invaded the privacy of many millions of Americans, and imposed substantial costs and burdens on them as they have had to take measures to protect against identity theft.”

Attorney General William Barr, right, next to FBI Deputy Director David Bowdich, speaks during a news conference, Monday, Feb. 10, 2020, at the Justice Department in Washington. Four members of the Chinese military have been charged with breaking into the networks of the Equifax credit reporting agency and stealing the personal information of tens of millions of Americans, the Justice Department said Monday, blaming Beijing for one of the largest hacks in history. (AP Photo/Jacquelyn Martin)

 

The case is the latest U.S. accusation against Chinese hackers suspected of breaching networks of American corporations, including steel manufacturers, a hotel chain and a health insurer. It comes as the Trump administration has warned against what it sees as the growing political and economic influence of China, and efforts by Beijing to collect data for financial and intelligence purposes and to steal research and innovation.

The indictment arrives at a delicate time in relations between Washington and Beijing. Even as President Donald Trump points to a preliminary trade pact with China as evidence of his ability to work with the Communist government, other members of his administration have been warning against cybersecurity and surveillance risks posed by China, especially as the tech giant Huawei seeks to become part of new, high-speed 5G wireless networks across the globe.

Experts and U.S. officials say the Equifax theft is consistent with the Chinese government’s interest in accumulating as much information about Americans as possible.

The data can be used by China to target U.S. government officials and ordinary citizens, including possible spies, and to find weaknesses and vulnerabilities that can be exploited — such as for purposes of blackmail. The FBI has not seen that happen yet in this case, said Deputy Director David Bowdich, though he said it “doesn’t mean it will or will not happen in the future.”

“We have to be able to recognize that as a counterintelligence issue, not a cyber issue,” said Bill Evanina, the U.S. government’s top counterintelligence official.

Attorney General William Barr, left, arrives to speak, next to Assistant Attorney General John Demers and U.S. Attorney for the Northern District of Georgia Byung “BJay” Pak, right, during a news conference, Monday, Feb. 10, 2020, at the Justice Department in Washington. Four members of the Chinese military have been charged with breaking into the networks of the Equifax credit reporting agency and stealing the personal information of tens of millions of Americans, the Justice Department said Monday, blaming Beijing for one of the largest hacks in history. (AP Photo/Jacquelyn Martin)

 

The four accused hackers are suspected members of the People’s Liberation Army, an arm of the Chinese military that was blamed in 2014 for a series of intrusions into American corporations.

Prosecutors say they exploited a software vulnerability to gain access to Equifax’s computers, obtaining log-in credentials that they used to navigate databases and review records. They also took steps to cover their tracks, the indictment says, wiping log files on a daily basis and routing traffic through dozens of servers in nearly 20 countries.

Besides stealing personal information, the hackers also made off with some of the company’s sensitive trade secrets, including database designs, law enforcement officials said.

Equifax, headquartered in Atlanta, maintains a massive repository of consumer information that it sells to businesses looking to verify identities or assess creditworthiness. All told, the indictment says, the company holds information on hundreds of millions of people in America and abroad,

The accused hackers are based in China and none is in custody. But U.S. officials nonetheless hope criminal charges can be a deterrent to foreign hackers and a warning to other countries that American law enforcement has the capability to pinpoint individual culprits. Even so, while China and the U.S. committed in 2015 to halt acts of cyber espionage against each other, the Equifax intrusion and others like it make clear that Beijing has continued its operations.

A spokesperson for the Chinese Embassy in Washington did not return an email seeking comment Monday.

The case resembles a 2014 indictment by the Obama administration Justice Department that accused five members of the PLA of hacking into American corporations to steal trade secrets. U.S. authorities also suspect China in the massive 2015 breach of the federal Office of Personnel Management and of intrusions into the Marriott hotel chain and health insurer Anthem.

Such hacks “seem to deliberately cast a wide net” so that Chinese intelligence analysts can get deep insight into the lives of many Americans, said Ben Buchanan, a Georgetown University scholar and author of the upcoming book “The Hacker and the State.”

Attorney General William Barr speaks during a news conference, Monday, Feb. 10, 2020, at the Justice Department in Washington. Four members of the Chinese military have been charged with breaking into the networks of the Equifax credit reporting agency and stealing the personal information of tens of millions of Americans, the Justice Department said Monday, blaming Beijing for one of the largest hacks in history. (AP Photo/Jacquelyn Martin)

 

“This could be especially useful for counterintelligence purposes, like tracking American spies posted to Beijing,” Buchanan said.

Barr, who at an event last week warned of Beijing’s aspirations of economic dominance, said Monday that the U.S. has for years “witnessed China’s voracious appetite for the personal data of Americans.”

“This kind of attack on American industry is of a piece with other Chinese illegal acquisitions of sensitive personal data,” Barr said.

The criminal charges, which include conspiracy to commit computer fraud and conspiracy to commit economic espionage, were filed in federal court in Atlanta, where the company is based.

Equifax last year reached a $700 million settlement over the data breach, with the bulk of the funds intended for consumers affected by it.

Equifax officials told the Government Accountability Office the company made many mistakes, including having an outdated list of computer systems administrators. The company didn’t notice the intruders targeting its databases for more than six weeks. Hackers exploited a known security vulnerability that Equifax hadn’t fixed.

While company stock has recovered, Equifax’s reputation has not fully. The company was dragged in front of Congress no less than four times to publicly explain what happened.

The company is about to start paying out claims on its $700 million settlement, of which more claimants have opted in to getting a cash settlement than accept credit counseling. So many claims have been made for the cash, that the lawyers suing Equifax and the Federal Trade Commission have warned claimants that the chances of getting the full cash value of the settlement was unlikely.

______

Associated Press writers Nick Jesdanun and Ken Sweet in New York and Frank Bajak in Boston contributed to this report.

https://apnews.com/05aa58325be0a85d44c637bd891e668f

Copyright 2020 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Posted in: Abuse, Crime & Criminals, Cybersecurity/Cybercrime, Data Security/Data Privacy, Dept. of Justice, Espionage, Intelligence Agencies

Leave a Reply

Your email address will not be published. Required fields are marked *

20 + 17 =

Terms of Use for Posting Comments

Terms of Use

This site (the “Site”) is operated and maintained by Law Enforcement Education Foundation, Corporation (“Company”). Throughout the Site, the terms “we”, “us” and “our” refer to Company.  The words “user,” “you” and “your” as used herein refer to you.

Please read these terms and conditions of use (“Terms of Use”) carefully before contributing content. If you do not agree to these Terms of Use, please do not contribute content. Your use of the Site is subject to the Terms and Conditions found here .

By contributing content to the Site, you represent and warrant that you are at least eighteen (18) years old and that you have read and understand these Terms of Use and any amendments thereto and agree to be bound by them. If you are not at least eighteen (18) years old or you do not agree and accept these Terms of Use, you are prohibited from contributing content.

From time to time, we may permit users to submit content to the Site.  You hereby acknowledge and agree that by submitting remarks, comments, suggestions, ideas, graphics, feedback, edits, concepts, comments, photographs, illustrations and other materials (other than personal information and/or registration information) through the Site (individually and collectively, “Submissions”), you (i) grant us a nonexclusive, royalty-free, perpetual, transferable, irrevocable and fully sub-licensable right to use, reproduce, modify, adapt, translate, distribute, publish, create derivative works from and publicly display and perform such Submissions throughout the world in any media, now known or hereafter created, without attribution to you; (ii) grant us the right to pursue at law any person or entity that violates your and/or our rights in your Submissions; and (iii) forever waive any and all of your rights, including but not limited to moral rights, if any, in and to your Submissions, including, without limitation, any all rights or requirements of attribution or identification of you as the author of the Submission or any derivative thereof.  We reserve the right to remove any of your Submissions from the Site, in whole or in part, without notice to you, for any reason or no reason.

Submissions are made voluntarily. Any submissions which include personally identifiable information are subject to our Privacy Policy found here .  You may not upload or otherwise publish content on the Site that (i) is confidential to you or any third party; (ii) is untrue, inaccurate, false or other than an original work of your authorship; (iii) that relates to or impersonates any other person; (iv) violates the copyright, trademark, patent or other intellectual property rights of any person or entity; (v) contains any content, personally identifiable information or other information, or materials of any kind that relate or refer to any other person or entity other than the provider of the products, goods or services to which the Submission relates; or (vi) violates any law, or in any manner infringes or interferes with the rights of others, including but not limited to the use of names, information, or materials that (A) libel, defame, or invade the privacy of any third party, (B) are obscene or pornographic, (C) are harmful, threatening, offensive, abusive, harassing, vulgar, false or inaccurate, racially, sexually, ethnically or are otherwise objectionable or otherwise contrary to the laws of any place where such Submissions may be accessed; (D) constitute personal attacks on other individuals; (E) promote criminal, immoral or illegal activity; (F) promote or advertise any person, product or service or solicit funds; or (G) are deemed confidential by any contract or policy.

You are solely responsible for any Submissions you make and their accuracy. We take no responsibility and assume no liability for any Submissions posted by you or any third party.

Unless approved by us in writing in advance, you agree not to: (i) provide or create a link to the Site; or (ii) create any frames at any other sites pertaining to any of the content located on the Site.

We reserve the right, in our discretion, to update, change or replace any part of these Terms of Use for Posting Comments by posting updates and/or changes to our Site.  It is your responsibility to check this page periodically for changes.  Your continued use of, and/or access to the Site, following the posting of any changes to these Terms of Use for Posting Comments, constitutes your acceptance of those changes.