Beijing said Tuesday it "never engages" in cybertheft, following US indictments of four Chinese army members for alleged involvement in the massive 2017 hacking of credit rating agency Equifax.

The US Justice Department on Monday accused the hackers of stealing the sensitive personal information of some 145 million Americans, in one of the world's largest-ever data breaches.

Four members of the Chinese army's 54th Research Institute were charged with multiple counts of hacking, computer fraud, economic espionage and wire fraud.

US officials said it took well over a year to track them through the 34 servers in 20 countries they allegedly used to hide their tracks.

"This was an organised and remarkably brazen criminal heist of sensitive information of nearly half of all Americans, as well as the hard work and intellectual property of an American company, by a unit of the Chinese military," Attorney General Bill Barr said.

Beijing firmly rejected the claims Tuesday, saying it is a "staunch defender of cybersecurity".

"The Chinese government and army... never engage in or participate in activities of trade theft through the internet," said foreign ministry spokesman Geng Shuang at a regular press briefing.

- Intelligence gathering -

The hack stunned US intelligence officials, following a similar intrusion on the civil service database of the Office of Personnel Management (OPM), also blamed on the Chinese.

Since then, as well, hotels giant Marriott lost data on some 500 million global customers to hackers believed to be Chinese.

US officials believe the Chinese military and security service are collecting personal data on Americans for strictly intelligence purposes.

After the OPM hack there were worries that Beijing could use the information to identify US spies working under the cover of non-intelligence jobs.

FBI Deputy Director David Bowdich said there was no evidence yet of the Equifax data having been used, for example to hijack a person's bank account or credit card.

But he added: "If you get the personal identifying information of people, you can do a lot with that."

Atlanta-based Equifax is one of three giant, little-regulated credit-raters who sweep up financial data on all Americans -- their credit cards and banking activity especially -- that necessarily comes with identifying data like their addresses and social security numbers.

The hackers allegedly took advantage of a vulnerability in the Apache Struts web-application software that Equifax had on its systems.

While Apache notified clients of the problem in March 2017, Equifax did not fix it for months, allowing the hackers to enter their systems with relative ease.

They infected Equifax's computers with "web shells" that gave them the ability to remotely manipulate the systems and to steal identities that expanded their access.

Investigators said the Chinese, using encrypted channels, ran some 9,000 queries through Equifax's computing systems to obtain, divide, compress and exfiltrate the data, bit by bit.

The US believes the suspects -- Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei -- are currently in China.

- Cutting corners -

In a statement Equifax thanked the Justice Department for its help and pledged to better protect consumer data.

"Cybercrime is one of the greatest threats facing our nation today, and it is an ongoing battle that every company will continue to face as attackers grow more sophisticated," it said.

But Senator Ron Wyden said one solution was to implement stronger privacy laws to force better corporate behaviour.

"When companies like Equifax amass vast stores of sensitive personal information and then cut corners on security, they become irresistible targets for unfriendly regimes like China," he said.

Besides the data on Americans, the hackers scored personal information on nearly one million Britons and Canadians in the breach.

Barr said that while many countries gather intelligence for national security reasons, only China has swept up massive data on civilians.

"For years, we have witnessed China's voracious appetite for the personal data of Americans," he said.

"This data has economic value, and these thefts can feed China's development of artificial intelligence tools as well as the creation of intelligence targeting packages."

US indicts four Chinese military 'hackers' for Equifax breach
Washington (AFP) Feb 10, 2020 - The US Justice Department on Monday announced indictments of four members of China's People's Liberation Army for alleged involvement in the massive 2017 hack of the database of giant US credit rating agency Equifax.

The hackers are accused of stealing the sensitive personal information on some 145 million Americans, in one of the world's largest ever data breaches, said Attorney General Bill Barr.

"This was a deliberate and sweeping intrusion into the private information of the American people," he said.

Four members of the Chinese army's 54th Research Institute -- Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei -- were charged with multiple counts of hacking, computer fraud, economic espionage and wire fraud.

- 'Remarkably brazen' -

Officials said it took well over a year to track them through the 34 servers in 20 countries they allegedly used to hide their tracks.

"This was an organized and remarkably brazen criminal heist of sensitive information of nearly half of all Americans, as well as the hard work and intellectual property of an American company, by a unit of the Chinese military," Barr said.

The hack stunned US intelligence officials, following a similar intrusion on the civil service database of the Office of Personnel Management (OPM), also blamed on the Chinese.

Since then, as well, hotels giant Marriott lost data on some 500 million global customers to hackers believed to be Chinese.

US officials believe the Chinese military and security service are collecting personal data on Americans for strictly intelligence purposes.

After the OPM hack there were worries that Beijing could use the information to identify US spies working under the cover of non-intelligence jobs.

FBI Deputy Director David Bowdich said there was no evidence yet of the Equifax data having been used, for example to hijack a person's bank account or credit card.

But he added: "If you get the personal identifying information of people, you can do a lot with that."

Atlanta-based Equifax is one of three giant, little-regulated credit-raters who sweep up financial data on all Americans -- their credit cards and banking activity especially -- that necessarily comes with identifying data like their addresses and social security numbers.

The hackers allegedly took advantage of a vulnerability in the Apache Struts web-application software that Equifax had on its systems.

While Apache notified clients of the problem in March 2017, Equifax didn't fix it for months, allowing the hackers to enter their systems with relative ease.

They infected Equifax's computers with "web shells" that gave them the ability to remotely manipulate the systems and to steal identities that expanded their access.

Investigators said the Chinese, using encrypted channels, ran some 9,000 queries through Equifax's computing systems to obtain, divide, compress and exfiltrate the data, bit by bit.

The US believes the suspects are currently in China.

- Cutting corners -

In a statement Equifax thanked the Justice department for its help and pledged to better protect consumer data.

"Cybercrime is one of the greatest threats facing our nation today, and it is an ongoing battle that every company will continue to face as attackers grow more sophisticated," it said.

"Fighting this cyberwar will require the type of open cooperation and partnership between government, law enforcement and private business that we have experienced firsthand."

But Senator Ron Wyden said one solution is to implement stronger privacy laws to force better corporate behavior.

"When companies like Equifax amass vast stores of sensitive personal information and then cut corners on security, they become irresistible targets for unfriendly regimes like China," he said.

- Voracious appetite -

Besides the data on Americans, the hackers scored personal information on nearly one million British and Canadians in the breach.

Barr said that while many countries gather intelligence for national security reasons, only China has swept up massive data on civilians.

"For years, we have witnessed China's voracious appetite for the personal data of Americans," he said.

"This data has economic value, and these thefts can feed China's development of artificial intelligence tools as well as the creation of intelligence targeting packages."

Related Links
Cyberwar - Internet Security News - Systems and Policy Issues

Tweet

Thanks for being here; We need your help. The SpaceDaily news network continues to grow but revenues have never been harder to maintain. With the rise of Ad Blockers, and Facebook - our traditional revenue sources via quality network advertising continues to decline. And unlike so many other news sites, we don't have a paywall - with those annoying usernames and passwords. Our news coverage takes time and effort to publish 365 days a year. If you find our news sites informative and useful then please consider becoming a regular supporter or for now make a one off contribution.
SpaceDaily Contributor $5 Billed Once credit card or paypal		SpaceDaily Monthly Supporter $5 Billed Monthly paypal only

Barrage of mysterious bomb hoaxes plagues Moscow
Moscow (AFP) Feb 10, 2020
Moscovites are mystified by a flood of bomb hoaxes forcing the evacuation of courts, schools and malls while authorities appear unable to find the culprits even after months of disruption to public life. The warnings of planted bombs, all of them false, have been sent to numerous Russian cities, but particularly targeted the capital, where around 16 million live and work, with up to 1,000 threats per day. Since late November, more than 1.6 million people have been evacuated from buildings in Mos ... read more