
China denies it was behind the Equifax hack, as four men charged for data breach

Graham CLULEY

February 11, 2020


A Chinese spokesperson has strongly denied that his government was behind the hack of Equifax in 2017, which saw the personal data of hundreds of millions of individuals stolen – including the names, birth dates and social security numbers for nearly half of all American citizens.

Chinese foreign ministry spokesperson Geng Shuang was reacting to news that the US Department of Justice had charged four men, allegedly members of China’s People’s Liberation Army (PLA), with orchestrating what the FBI has described as the “largest theft of sensitive personally identifiable information by state-sponsored hackers ever recorded.”

“The Chinese government, military and relevant personnel never engage in cyber theft of trade secrets,” Shuang was reported as saying. “It has long been an open secret that the US government and relevant departments, in violation of international law and basic norms governing international relations, have been engaging in large-scale, organized and indiscriminate cyber stealing, spying and surveillance activities on foreign governments, enterprises and individuals.”

In other words, if I may paraphrase Mr Shuang, “we here in China would never hack anyone… it’s you in America who do it!”

Hmm. I think it would be more honest to admit that just about every country in the world is likely to be involved in cyberespionage – if only because it is a relatively cheap and safe way to conduct espionage and gain advantages over other countries, with an additional side benefit of being so easy to deny responsibility.

According to the United States, the hackers (Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei) were all members of a unit of the PLA, the 54th Research Institute.

They are accused of not only gaining unauthorised access to Equifax’s network, and stealing sensitive, personally identifiable information of many millions of individuals in the United States and elsewhere, but also stealing trade secret information, such as Equifax’s data compilations and database designs.

It’s probably never easy to keep a determined state-sponsored attacker out of your organisation, but Equifax was found to have done a pretty poor job of securing its network.

After the breach was disclosed, it was revealed that the company had made a number of major security lapses, including using “admin” as a username and password internally, and that it knew about a vulnerability on the web portal through which the hackers later gained access but failed to apply the available Apache Struts security patches.

Shockingly, some of Equifax’s staff were later found guilty of insider trading in the company’s shares before the breach was made public – taking advantage of the fact that they knew there was very bad news around the corner.

Ultimately, of course, it is the hackers rather than those who were hacked who are to blame.

But what realistic chance is there that these four men will ever appear in a court to answer the charges? My prediction is zero.

This was one of the most significant data breaches ever, and could impact many millions of individuals for years. And no-one is ever likely to be held properly accountable for it.
