Following a two year long investigation, the US has reportedly determined who was behind the breach of Equifax systems back in 2017.
In a statement issued on Monday, US Attorney General, William Barr alleged that four members of the Chinese People’s Liberation army were behind the breach. An indictment (formally charging a person with a criminal offense) has been issued for the four.
“According to the nine-count indictment handed down by a grand jury in Atlanta, four members of the Chinese People’s Liberation Army, or PLA – Wang Qian, Wu Zhiyong, Xu Ke, and Liu Lei – are alleged to have conspired to hack Equifax’s computer systems and commit economic espionage. In doing so, they are alleged to have damaged Equifax’s computer systems and to have committed wire fraud,” said Barr in a speech.
The AG describes how the attackers infiltrated Equifax’s network through the firm’s dispute resolution website. From there the attackers were able to steal data, execute malware and more.
“While doing this, the hackers also stole Equifax’s trade secrets, embodied by the compiled data and complex database designs used to store the personal information. Those trade secrets were the product of decades of investment and hard work by the company,” said Barr.
The hackers reportedly spent an inordinate amount of time spying on Equifax as well. You can read details of the investigation here.
According to a BBC report, China’s foreign ministry spokesperson, Geng Shuang denied the allegations saying China doesn’t engage in cyber theft of trade secrets.
Equifax welcomed the indictments.
“We are grateful to the Justice Department and the FBI for their tireless efforts in determining that the military arm of China was responsible for the cyberattack on Equifax in 2017,” wrote Equifax chief executive officer, Mark Begor.
“It is reassuring that our federal law enforcement agencies treat cybercrime – especially state-sponsored crime – with the seriousness it deserves, and that the Justice Department is committed to pursuing those who target U.S. consumers, businesses and our government,” Begor added.
The Equifax hackers obtained the names, birth dates, and social security numbers of nearly 150 million Americans, and the driver’s license numbers of at least 10 million Americans when the systems were breached.
As the US has now formerly charged the alleged members of the PLA, it’s unclear how this matter will move forward especially given that the whereabouts of the four alleged hackers is unknown.
You can watch the full statement from the US Department of Justice in the video below.
[Image – FBI]