The FBI released the below
information:
During a February 10, 2020 press
conference at the Department of Justice in Washington, D.C., FBI Deputy
Director David Bowdich joined other officials in announcing charges against
four Chinese military-backed hackers in connection with the 2017 cyberattack
against Equifax.
Today, the U.S. Department of
Justice announced charges against four Chinese military-backed hackers in
connection with carrying out the 2017 cyberattack against Equifax, a consumer
credit reporting agency. The intrusion led to the largest known theft of
personally identifiable information ever carried out by state-sponsored actors.
Investigators had previously
discovered and announced the type of malware that allowed the hackers to
harvest addresses, birth dates, Social Security numbers, and other data on
approximately 145 million Americans. Today’s indictment charges that members of
the People’s Liberation Army—the armed forces of the People’s Republic of
China—were behind that malware attack.
According to the indictment, Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei
exploited a vulnerability in the dispute resolution website within the Equifax
system. From that initial access point, the hackers used a number of techniques
to force their way into the company’s network and back-end databases.
In announcing the charges, U.S.
Attorney General William Barr said the Equifax intrusion is among other efforts
by the Chinese government to steal the personal data of Americans. The Justice
Department believes the Chinese were also responsible for breaching systems
controlled by the Office of Personnel Management, Marriott hotels, and the
health insurance company Anthem.
“This data has economic value, and
these thefts can feed China’s development of artificial intelligence tools as
well as the creation of intelligence-targeting packages,” Barr said. “In
addition to the thefts of sensitive personal data, our cases reveal a pattern
of state-sponsored computer intrusions and thefts by China targeting trade
secrets and confidential business information.”
To uncover the actors behind the
Equifax theft, a broad and multinational investigative team led by the FBI’s
Atlanta Field Office tracked the crime’s digital breadcrumbs back to the four
co-conspirators—who allegedly used servers in multiple countries and
approximately 40 different IP addresses to disguise the origin of the attack.
FBI Deputy Director David Bowdich
said today’s announcement is “a testament to the hard work and determination of
everyone involved in this investigation.”
Bowdich also said that although
these types of breaches have become disturbingly common, businesses cannot
become complacent about protecting data and consumers. “And as American
citizens, we cannot be complacent about protecting our sensitive personal
data,” Bowdich emphasized. “We in law enforcement will not let hackers off the
hook just because they’re halfway around the world. We’ve got to do everything
we can to keep people safe, secure, and confident online.”
You can find additional information
about the Equifax data breach through the Federal Trade Commission at ftc.gov/equifax.
Learn more about protecting your
personal and business systems and reporting cyber-enabled crime at the FBI’s Internet Crime
Complaint Center.
No comments:
Post a Comment