BEIJING: Beijing said on Tuesday it “never engages” in cybertheft,following US indictments of four Chinese army members for allegedinvolvement in the massive 2017 hacking of credit rating agency Equifax.
The US Justice Department on Monday accused the hackers of stealing thesensitive personal information of some 145 million Americans, in one of theworld’s largest-ever data breaches.
Four members of the Chinese army’s 54th Research Institute were chargedwith multiple counts of hacking, computer fraud, economic espionage andwire fraud.
US officials said it took well over a year to track them through the 34servers in 20 countries they allegedly used to hide their tracks.
“This was an organised and remarkably brazen criminal heist of sensitiveinformation of nearly half of all Americans, as well as the hard work andintellectual property of an American company, by a unit of the Chinesemilitary,” Attorney General Bill Barr said.
Beijing firmly rejected the claims on Tuesday, saying it is a “staunchdefender of cybersecurity”.
“The Chinese government and army… never engage in or participate inactivities of trade theft through the internet,” said foreign ministryspokesman Geng Shuang at a regular press briefing.
Intelligence gathering
The hack stunned US intelligence officials, following a similar intrusionon the civil service database of the Office of Personnel Management (OPM),also blamed on the Chinese.
Since then, as well, hotels giant Marriott lost data on some 500 millionglobal customers to hackers believed to be Chinese.
US officials believe the Chinese military and security service arecollecting personal data on Americans for strictly intelligence purposes.
After the OPM hack there were worries that Beijing could use theinformation to identify US spies working under the cover ofnon-intelligence jobs.
FBI Deputy Director David Bowdich said there was no evidence yet of theEquifax data having been used, for example to hijack a person’s bankaccount or credit card.
But he added: “If you get the personal identifying information of people,you can do a lot with that.”
Atlanta-based Equifax is one of three giant, little-regulated credit-raterswho sweep up financial data on all Americans — their credit cards andbanking activity especially — that necessarily comes with identifying datalike their addresses and social security numbers.
The hackers allegedly took advantage of a vulnerability in the ApacheStruts web-application software that Equifax had on its systems.
Read Top Stories
While Apache notified clients of the problem in March 2017, Equifax did notfix it for months, allowing the hackers to enter their systems withrelative ease.
They infected Equifax’s computers with “web shells” that gave them theability to remotely manipulate the systems and to steal identities thatexpanded their access.
Investigators said the Chinese, using encrypted channels, ran some 9,000queries through Equifax’s computing systems to obtain, divide, compress andexfiltrate the data, bit by bit.
The US believes the suspects — Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei —are currently in China.
Cutting corners
In a statement Equifax thanked the Justice Department for its help andpledged to better protect consumer data.
“Cybercrime is one of the greatest threats facing our nation today, and itis an ongoing battle that every company will continue to face as attackersgrow more sophisticated,” it said.
But Senator Ron Wyden said one solution was to implement stronger privacylaws to force better corporate behaviour.
“When companies like Equifax amass vast stores of sensitive personalinformation and then cut corners on security, they become irresistibletargets for unfriendly regimes like China,” he said.
Besides the data on Americans, the hackers scored personal information onnearly one million Britons and Canadians in the breach.
Barr said that while many countries gather intelligence for nationalsecurity reasons, only China has swept up massive data on civilians.
“For years, we have witnessed China’s voracious appetite for the personaldata of Americans,” he said.
“This data has economic value, and these thefts can feed China’sdevelopment of artificial intelligence tools as well as the creation ofintelligence targeting packages.” -APP/AFP
