US Indicts Four Chinese Military Officials for 2017 Equifax Hack

US Indicts Four Chinese Military Officials for 2017 Equifax Hack

Millions of Americans have been dealing with the fallout from the Equifax hack since 2017, and the US government just announced the first criminal charges in the case. Four members of the Chinese military are listed in the indictment, which the US Justice Department filed today in federal court. While the case sheds new light on the nature of the hack, it’s unlikely any of the officials will ever end up in a US court.

The indictment alleges that Wang Qian, Xu Ke, Wu Zhiyong, and Liu Lei conducted the hack as members of the Chinese Liberation Army’s 54th Research Institute. They are charged with nine counts including computer fraud, wire fraud, and economic espionage. The FBI has limited information on the officials — it doesn’t even have a photo of Liu. The group used a known vulnerability in Apache Struts to access the Equifax system over the course of months while Equifax’s network security personnel were none the wiser.

As one of the “big three” credit rating agencies, Equifax holds extensive data on millions of Americans, and there’s no way for us to avoid the company’s data dragnet. Equifax disclosed the breach in September 2017, several months after it became aware of the situation. Some 147 million Americans were affected by the hack, which involved the theft of data like names, social security numbers, emails, home addresses, phone numbers, and even some full credit card account details.

US Indicts Four Chinese Military Officials for 2017 Equifax Hack

Several Equifax executives were forced to leave the company in the wake of the announcement, but it’s so deeply embedded in the financial infrastructure of the United States that very little has changed for Equifax as a whole. Equifax still operates in essentially the same way it did before the breach. Last summer, Equifax reached a settlement with US regulators to compensate victims of the hack to the tune of $300 million. Later, the company had to pledge another $125 million in the event that $300 million isn’t enough to cover all claims.

The FBI admits it currently has no way to apprehend the Chinese officials, all of whom are out of reach in China. They would need to surrender or visit a country with which the US has an extradition agreement to ever show up in a US court. It’s similar to the 2018 indictments of Russian intelligence officials for the 2016 DNC hacks. While charges are pending, it’s unlikely US authorities will get their hands on the accused.

Continue reading

The Equifax Breach Might Have Been a Foreign Intelligence Operation
The Equifax Breach Might Have Been a Foreign Intelligence Operation

Security professionals are starting to suspect this was not the work of a profit-motivated hacker but rather an incredibly successful intelligence operation aimed at spying on US citizens.

FTC Toadies for Equifax, Begs Citizens to Register for Largely Worthless Credit Monitoring
FTC Toadies for Equifax, Begs Citizens to Register for Largely Worthless Credit Monitoring

The FTC is shamelessly sucking up to Equifax to avoid acknowledging its own bad settlement.