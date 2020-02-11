WASHINGTON (AP) – Four members of the Chinese military have been charged with breaking into the computer networks of the Equifax credit bureau and stealing personal information from tens of millions of people ‘Americans, the Justice Department said on Monday, accusing Beijing of one of the biggest hacks in history to target consumer data.

Hackers of the 2017 breach stole the personal information of approximately 145 million Americans, collecting names, addresses, social security and driver’s license numbers and other data stored in databases of the company. The intrusion damaged the company’s reputation and exposed China’s increasingly aggressive and sophisticated intelligence gathering methods.

“The scale of the theft was staggering,” said Attorney General William Barr on Monday when he announced the indictment. “This theft not only caused significant financial damage to Equifax, but invaded the privacy of millions of Americans, and imposed considerable costs and burdens on them, as they had to take steps to protect themselves from the identity theft.”

The case is the latest US charge against Chinese pirates suspected of raping networks of American companies, including steel manufacturers, a hotel chain and a health insurer. This comes as the Trump administration warned of what it sees as China’s growing political and economic influence and Beijing’s efforts to collect data for financial and intelligence purposes and to steal research and innovation.

The indictment comes at a delicate time in relations between Washington and Beijing. Even though President Donald Trump highlights a preliminary trade pact with China as proof of his ability to work with the Communist government, other members of his administration have warned of the risks of cybersecurity and surveillance posed by China, all the more so as the tech giant Huawei is looking to be part of new 5G broadband wireless networks around the world.

Experts and US officials say the Equifax flight is in line with the Chinese government’s interest in gathering as much information about the Americans as possible.

The data can be used by China to target U.S. government officials and ordinary people, including potential spies, and to find weaknesses and vulnerabilities that can be exploited – for example, for blackmail. The FBI has not yet seen this happen in this case, said deputy director David Bowdich, although he said it “does not mean it will or will not happen in the future”.

“We need to be able to recognize this as a counterintelligence problem, not a cyber problem,” said Bill Evanina, the US government’s top counterintelligence official, about the Equifax case. .

The four accused hackers are suspected members of the People’s Liberation Army, a branch of the Chinese military that was accused in 2014 of a series of intrusions into American companies.

Prosecutors say they have exploited a software vulnerability to gain access to Equifax computers, obtaining the login information they used to browse the databases and view the records. They have also taken steps to cover their tracks, the indictment says, erasing log files daily and routing traffic through around 30 servers in nearly 20 countries.

In addition to stealing personal information, the hackers also managed to recover some of the company’s sensitive trade secrets, including the design of databases, law enforcement officials said.

Equifax, headquartered in Atlanta, maintains an extensive repository of consumer information that it sells to businesses seeking to verify their identity or assess their creditworthiness. In total, according to the indictment, the company holds information about hundreds of millions of people in America and abroad.

None of the accused hackers are in detention in the United States. But officials nonetheless hope that criminal charges can deter foreign hackers and warn other countries that US law enforcement has the capacity to identify individual culprits. Despite this, as China and the United States committed in 2015 to end acts of cyber espionage against each other, the intrusion by Equifax and others as it clearly indicates that Beijing has continued its operations .

A spokesman for the Chinese Embassy in Washington did not return a message for comment Monday.

The case resembles a 2014 indictment that accused five PLA members of hacking American companies to steal trade secrets. The US authorities also suspect China of having violated in 2015 the Federal Office for Personnel Management and Intrusions into the Marriott hotel chain and the health insurer Anthem.

Such hacks “seemingly deliberately cast a large net” so that Chinese intelligence analysts can gain a deeper insight into the lives of Americans, said Ben Buchanan, a Georgetown scholar and author of the forthcoming book “The Hacker and the State “.

“This could be particularly useful for counterintelligence purposes, such as tracking American spies stationed in Beijing,” said Buchanan.

Barr, who warned of Beijing’s aspirations for economic dominance at an event last week, said on Monday that the United States had long “witnessed China’s voracious appetite for data. personal information of the Americans. “

“This type of attack on the US industry is a chunk with other illegal Chinese acquisitions of sensitive personal data,” said Barr.

The criminal charges, which include a conspiracy to commit computer fraud and a conspiracy to commit economic espionage, were laid in the Atlanta Federal Court.

Last year, Equifax reached a $ 700 million deal on the data breach, the bulk of which goes to consumers.

Equifax officials told the Government Accountability Office that the company had made many mistakes, including having an outdated list of IT administrators. The company has not noticed intruders targeting its databases for more than six weeks. The hackers exploited a known security vulnerability that Equifax had not patched.

Although the company’s stock has recovered, Equifax ‘reputation has not been fully established. The company was dragged to Congress no less than four times to explain what happened.

The company is about to start paying claims on its $ 700 million settlement, which more claimants have opted for in cash than accepting credit counseling. So many cash claims have been made that lawyers suing Equifax and the Federal Trade Commission have warned the plaintiffs that the chance of obtaining full monetary value from the settlement is unlikely.

