Four members of the Chinese military have been charged with breaking into the computer networks of the Equifax credit reporting agency and stealing the personal information of tens of millions of Americans, the Justice Department said Monday, blaming Beijing for one of the largest hacks in history to target consumer data. The criminal charges, which include conspiracy to commit computer fraud and conspiracy to commit economic espionage, were filed in federal court in Atlanta. The hackers in the 2017 breach stole the personal information of roughly 145 million Americans, collecting names, addresses, Social Security and driver's license numbers and other data stored in the company's databases. The intrusion damaged the company's reputation and underscored China's increasingly aggressive and sophisticated intelligence-gathering methods. "The scale of the theft was staggering," Attorney General William Barr said Monday in announcing the indictment. "This theft not only caused significant financial damage to Equifax, but invaded the privacy of many millions of Americans, and imposed substantial costs and burdens on them as they have had to take measures to protect against identity theft."
Experts and U.S. officials say the Equifax theft is consistent with the Chinese government's interest in accumulating as much information about Americans as possible. The data can be used by China to target U.S. government officials and ordinary citizens, including possible spies, and to find weaknesses and vulnerabilities that can be exploited—such as for purposes of blackmail. The FBI has not seen that happen yet in this case, said Deputy Director David Bowdich, though he said it "doesn't mean it will or will not happen in the future.""We have to be able to recognize that as a counterintelligence issue, not a cyber issue," Bill Evanina, the U.S. government's top counterintelligence official, said of the Equifax case. The four accused hackers are suspected members of the People's Liberation Army, an arm of the Chinese military that was blamed in 2014 for a series of intrusions into American corporations. Prosecutors say they exploited a software vulnerability to gain access to Equifax's computers, obtaining log-in credentials that they used to navigate databases and review records. They also took steps to cover their tracks, the indictment says, wiping log files on a daily basis and routing traffic through about three dozen servers in nearly 20 countries.
Besides stealing personal information, the hackers also made off with some of the company's sensitive trade secrets, including database designs, law enforcement officials said. Equifax, headquartered in Atlanta, maintains a massive repository of consumer information that it sells to businesses looking to verify identities or assess creditworthiness. All told, the indictment says, the company holds information on hundreds of millions of people in America and abroad. None of the accused hackers is in U.S. custody. But officials nonetheless hope criminal charges can be a deterrent to foreign hackers and a warning to other countries that American law enforcement has the capability to pinpoint individual culprits. Even so, while China and the U.S. committed in 2015 to halt acts of cyber espionage against each other, the Equifax intrusion and others like it make clear that Beijing has continued its operations. A spokesperson for the Chinese Embassy in Washington did not return an email seeking comment Monday.
The case resembles a 2014 indictment that accused five members of the PLA of hacking into American corporations to steal trade secrets. U.S. authorities also suspect China in the 2015 breach of the federal Office of Personnel Management and of intrusions into the Marriott hotel chain and health insurer Anthem.Such hacks "seem to deliberately cast a wide net" so that Chinese intelligence analysts can get deep insight into the lives of Americans, said Ben Buchanan, a Georgetown University scholar and author of the upcoming book "The Hacker and the State." "This could be especially useful for counterintelligence purposes, like tracking American spies posted to Beijing," Buchanan said. Barr, who at an event last week warned of Beijing's aspirations of economic dominance, said Monday the U.S. has long "witnessed China's voracious appetite for the personal data of Americans." "This kind of attack on American industry is of a piece with other Chinese illegal acquisitions of sensitive personal data," Barr said.
Equifax last year reached a $700 million settlement over the data breach, with the bulk of the funds intended for consumers affected by it. Equifax officials told the Government Accountability Office the company made many mistakes, including having an outdated list of computer systems administrators. The company didn't notice the intruders targeting its databases for more than six weeks. Hackers exploited a known security vulnerability that Equifax hadn't fixed. While company stock has recovered, Equifax's reputation has not fully. The company was dragged in front of Congress no less than four times to explain what happened. The company is about to start paying out claims on its $700 million settlement, of which more claimants have opted in to getting a cash settlement than accept credit counseling. So many claims have been made for the cash that the lawyers suing Equifax and the Federal Trade Commission have warned claimants that the chance of getting the full cash value of the settlement was unlikely.
https://techxplore.com/news/2020-02-chinese-military-members-equifax-breach.html
ΣΧΕΤΙΚΟ: https://www.secnews.gr/211091/equifax-paraviasi-hackers-kinezikou-stratou/
ΚΟΥΡΗΤΗΣ: ΤΟ ΣΗΜΑΝΤΙΚΟ ΣΕ ΑΥΤΗΝ ΤΗΝ ΠΕΡΙΠΤΩΣΗ ΔΕΝ ΕΙΝΑΙ ΤΙ ΕΚΑΝΑΝ ΟΙ ΚΙΝΕΖΟΙ (ή ΔΕΝ ΕΚΑΝΑΝ ΟΙ ΚΙΝΕΖΟΙ ΚΑΙ ΑΠΛΑ ΠΑΙΖΟΥΝ ΤΟΝ ΡΟΛΟ ΤΟΥ ΑΠΟΔΙΟΠΟΜΠΑΙΟΥ ΤΡΑΓΟΥ ΕΙΔΙΚΑ ΣΕ ΑΥΤΗΝ ΤΗΝ ΠΕΡΙΠΤΩΣΗ) ΑΛΛΑ ΠΩΣ ΜΠΟΡΕΣΑΝ ΝΑ ΤΟ ΚΑΝΟΥΝ. ΟΙ ΑΣΤΕΙΕΣ ΤΑΚΤΙΚΕΣ ΠΡΟΣΤΑΣΙΑΣ ΤΗΣ Equifax ΕΙΧΑΝ ΚΑΤΑΓΓΕΛΘΕΙ ΚΑΤΑ ΤΟ ΠΑΡΕΛΘΟΝ ΠΑΡΑΠΑΝΩ ΑΠΟ ΔΕΚΑ ΦΟΡΕΣ. ΟΙ ΥΠΕΥΘΥΝΟΙ ΤΗΣ ΕΤΑΙΡΕΙΑΣ , ΟΠΩΣ ΚΑΙ ΟΙ ΥΠΕΥΘΥΝΟΙ ΔΕΚΑΔΩΝ ΑΛΛΩΝ ΕΜΒΛΗΜΑΤΙΚΩΝ ΕΤΑΙΡΕΙΩΝ ΕΙΝΑΙ ΚΥΡΙΟΛΕΚΤΙΚΑ ΨΗΦΙΑΚΑ ΑΝΑΛΦΑΒΗΤΟΙ ΚΑΙ ΟΜΩΣ ΟΛΟΙ ΑΥΤΟΙ ΕΧΟΥΝ ΣΤΗΝ ΔΙΑΘΕΣΙΜΟΤΗΤΑ ΤΟΥΣ ΣΤΟΙΧΕΙΑ ΕΚΑΤ ΑΝΘΡΩΠΩΝ.
«Η κινεζική κυβέρνηση και ο στρατός, καθώς και τα πρόσωπα που συνδέονται μ’ αυτούς, ουδέποτε επιδόθηκαν και ουδέποτε συμμετείχαν σε κλοπές εμπορικών απορρήτων μέσω του Ίντερνετ», δήλωσε ο Γκενγκ Σουάνγκ, εκπρόσωπος του υπουργείου Εξωτερικών, στη διάρκεια τακτικής ενημέρωσης των δημοσιογράφων. Ο Γκενγκ πρόσθεσε πως η Κίνα είναι επίσης θύμα κυβερνοκλοπής και παρακολούθησης εκ μέρους των ΗΠΑ και πως το Πεκίνο ζητάει από τις Ηνωμένες Πολιτείες να σταματήσουν τέτοιες ενέργειες.
ΑΜΠΕ
Experts and U.S. officials say the Equifax theft is consistent with the Chinese government's interest in accumulating as much information about Americans as possible. The data can be used by China to target U.S. government officials and ordinary citizens, including possible spies, and to find weaknesses and vulnerabilities that can be exploited—such as for purposes of blackmail. The FBI has not seen that happen yet in this case, said Deputy Director David Bowdich, though he said it "doesn't mean it will or will not happen in the future.""We have to be able to recognize that as a counterintelligence issue, not a cyber issue," Bill Evanina, the U.S. government's top counterintelligence official, said of the Equifax case. The four accused hackers are suspected members of the People's Liberation Army, an arm of the Chinese military that was blamed in 2014 for a series of intrusions into American corporations. Prosecutors say they exploited a software vulnerability to gain access to Equifax's computers, obtaining log-in credentials that they used to navigate databases and review records. They also took steps to cover their tracks, the indictment says, wiping log files on a daily basis and routing traffic through about three dozen servers in nearly 20 countries.
Besides stealing personal information, the hackers also made off with some of the company's sensitive trade secrets, including database designs, law enforcement officials said. Equifax, headquartered in Atlanta, maintains a massive repository of consumer information that it sells to businesses looking to verify identities or assess creditworthiness. All told, the indictment says, the company holds information on hundreds of millions of people in America and abroad. None of the accused hackers is in U.S. custody. But officials nonetheless hope criminal charges can be a deterrent to foreign hackers and a warning to other countries that American law enforcement has the capability to pinpoint individual culprits. Even so, while China and the U.S. committed in 2015 to halt acts of cyber espionage against each other, the Equifax intrusion and others like it make clear that Beijing has continued its operations. A spokesperson for the Chinese Embassy in Washington did not return an email seeking comment Monday.
The case resembles a 2014 indictment that accused five members of the PLA of hacking into American corporations to steal trade secrets. U.S. authorities also suspect China in the 2015 breach of the federal Office of Personnel Management and of intrusions into the Marriott hotel chain and health insurer Anthem.Such hacks "seem to deliberately cast a wide net" so that Chinese intelligence analysts can get deep insight into the lives of Americans, said Ben Buchanan, a Georgetown University scholar and author of the upcoming book "The Hacker and the State." "This could be especially useful for counterintelligence purposes, like tracking American spies posted to Beijing," Buchanan said. Barr, who at an event last week warned of Beijing's aspirations of economic dominance, said Monday the U.S. has long "witnessed China's voracious appetite for the personal data of Americans." "This kind of attack on American industry is of a piece with other Chinese illegal acquisitions of sensitive personal data," Barr said.
Equifax last year reached a $700 million settlement over the data breach, with the bulk of the funds intended for consumers affected by it. Equifax officials told the Government Accountability Office the company made many mistakes, including having an outdated list of computer systems administrators. The company didn't notice the intruders targeting its databases for more than six weeks. Hackers exploited a known security vulnerability that Equifax hadn't fixed. While company stock has recovered, Equifax's reputation has not fully. The company was dragged in front of Congress no less than four times to explain what happened. The company is about to start paying out claims on its $700 million settlement, of which more claimants have opted in to getting a cash settlement than accept credit counseling. So many claims have been made for the cash that the lawyers suing Equifax and the Federal Trade Commission have warned claimants that the chance of getting the full cash value of the settlement was unlikely.
https://techxplore.com/news/2020-02-chinese-military-members-equifax-breach.html
ΣΧΕΤΙΚΟ: https://www.secnews.gr/211091/equifax-paraviasi-hackers-kinezikou-stratou/
ΚΟΥΡΗΤΗΣ: ΤΟ ΣΗΜΑΝΤΙΚΟ ΣΕ ΑΥΤΗΝ ΤΗΝ ΠΕΡΙΠΤΩΣΗ ΔΕΝ ΕΙΝΑΙ ΤΙ ΕΚΑΝΑΝ ΟΙ ΚΙΝΕΖΟΙ (ή ΔΕΝ ΕΚΑΝΑΝ ΟΙ ΚΙΝΕΖΟΙ ΚΑΙ ΑΠΛΑ ΠΑΙΖΟΥΝ ΤΟΝ ΡΟΛΟ ΤΟΥ ΑΠΟΔΙΟΠΟΜΠΑΙΟΥ ΤΡΑΓΟΥ ΕΙΔΙΚΑ ΣΕ ΑΥΤΗΝ ΤΗΝ ΠΕΡΙΠΤΩΣΗ) ΑΛΛΑ ΠΩΣ ΜΠΟΡΕΣΑΝ ΝΑ ΤΟ ΚΑΝΟΥΝ. ΟΙ ΑΣΤΕΙΕΣ ΤΑΚΤΙΚΕΣ ΠΡΟΣΤΑΣΙΑΣ ΤΗΣ Equifax ΕΙΧΑΝ ΚΑΤΑΓΓΕΛΘΕΙ ΚΑΤΑ ΤΟ ΠΑΡΕΛΘΟΝ ΠΑΡΑΠΑΝΩ ΑΠΟ ΔΕΚΑ ΦΟΡΕΣ. ΟΙ ΥΠΕΥΘΥΝΟΙ ΤΗΣ ΕΤΑΙΡΕΙΑΣ , ΟΠΩΣ ΚΑΙ ΟΙ ΥΠΕΥΘΥΝΟΙ ΔΕΚΑΔΩΝ ΑΛΛΩΝ ΕΜΒΛΗΜΑΤΙΚΩΝ ΕΤΑΙΡΕΙΩΝ ΕΙΝΑΙ ΚΥΡΙΟΛΕΚΤΙΚΑ ΨΗΦΙΑΚΑ ΑΝΑΛΦΑΒΗΤΟΙ ΚΑΙ ΟΜΩΣ ΟΛΟΙ ΑΥΤΟΙ ΕΧΟΥΝ ΣΤΗΝ ΔΙΑΘΕΣΙΜΟΤΗΤΑ ΤΟΥΣ ΣΤΟΙΧΕΙΑ ΕΚΑΤ ΑΝΘΡΩΠΩΝ.
«Η κινεζική κυβέρνηση και ο στρατός, καθώς και τα πρόσωπα που συνδέονται μ’ αυτούς, ουδέποτε επιδόθηκαν και ουδέποτε συμμετείχαν σε κλοπές εμπορικών απορρήτων μέσω του Ίντερνετ», δήλωσε ο Γκενγκ Σουάνγκ, εκπρόσωπος του υπουργείου Εξωτερικών, στη διάρκεια τακτικής ενημέρωσης των δημοσιογράφων. Ο Γκενγκ πρόσθεσε πως η Κίνα είναι επίσης θύμα κυβερνοκλοπής και παρακολούθησης εκ μέρους των ΗΠΑ και πως το Πεκίνο ζητάει από τις Ηνωμένες Πολιτείες να σταματήσουν τέτοιες ενέργειες.
ΑΜΠΕ
No comments :
Post a Comment