The U.S. Department of Justice has announced that four members of the Chinese military have been indicted for the 2017 hack of Equifax that compromised the data of at least 145 million people. The theft of social security numbers, addresses, and driver’s licence information has been characterised as the largest consumer data hack in U.S. history.
The hackers allegedly exploited an unnamed vulnerability in a web portal that Equifax used for disputes in order to gain login credentials, according to a DOJ press release. The four defendants, all members of the People’s Liberation Army (PLA), are identified in the indictment posted online as Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei.
The defendants are charged with three conspiracy counts: conspiracy to commit computer fraud, conspiracy to commit economic espionage, and conspiracy to commit wire fraud. They’re also charged with two counts of unauthorised computer access, one count of economic espionage, and three counts of wire fraud.
The four defendants spent weeks running queries to figure out Equifax’s database structure and identify sensitive information, according to the DOJ.
“Once they accessed files of interest, the conspirators then stored the stolen information in temporary output files, compressed and divided the files, and ultimately were able to download and exfiltrate the data from Equifax’s network to computers outside the United States,” according to the DOJ.
The hackers allegedly routed their traffic through “nearly 20 countries” to hide their location, according to the DOJ, and used encrypted communication channels in an effort to blend in with normal activity on Equifax’s network. The hackers also allegedly wiped log files on a daily basis to cover their tracks.
The indictments, announced by U.S. Attorney General William Barr in a press conference streamed online, are the first time that the U.S. government has formally accused China of being behind the Equifax hack.
“This was a deliberate and sweeping intrusion into the private information of the American people,” Barr said in a statement. “Today, we hold PLA hackers accountable for their criminal actions, and we remind the Chinese government that we have the capability to remove the Internet’s cloak of anonymity and find the hackers that nation repeatedly deploys against us.”
At the press conference, Barr said that while the U.S. does its own intelligence collection around the world, it only does “legitimate” spying.
“Unfortunately, the Equifax hack fits a disturbing and unacceptable pattern of state-sponsored computer intrusions and thefts by China and its citizens that have targeted personally identifiable information, trade secrets, and other confidential information,” Barr continued.
Barr fled the press conference after a journalist asked about President Donald Trump’s attorney Rudy Giuliani and his meddling in Ukraine to dig up dirt on Democratic presidential hopeful Joe Biden. Other DOJ officials were left to pick up the slack and finish the press conference.
This is only the second time in history that the U.S. has indicted Chinese military hackers. The Obama administration indicted five members of the PLA in 2014, including hackers “UglyGorilla” and “KandyGoo,” for hacking into companies like Westinghouse Electric and the United States Steel Corporation to allegedly steal trade secrets.
The U.S. and China do not have an extradition treaty, which means that it’s unlikely any of the four defendants indicted today will be arrested by American authorities.