The U.S. Justice Department recently announced that it has charged four Chinese citizens, suspected of working for the People’s Liberation Army (PLA), with stealing the personal data of millions of Americans. The hacking took place in 2017 when the criminals breached the servers of credit reporting agency Equifax and stole private data like the names, social security numbers, addresses, driver’s license numbers, etc., of almost 145 million U.S. citizens.
“The scale of the theft was staggering… This theft not only caused significant financial damage to Equifax, but invaded the privacy of many millions of Americans, and imposed substantial costs and burdens on them as they have had to take measures to protect against identity theft,” Attorney General William Barr said in a statement (AP News).
According to prosecutors, the four hackers exploited a software vulnerability that gave them access to login credentials and files stored on the company’s server. The hackers tried to cover their tracks by routing Internet traffic through servers located in 20 nations, as well as wiping out daily log files. In addition to the personal information of U.S. citizens, the hackers also stole the company’s trade secrets, including database designs.
Experts say that the stolen data can be used by Beijing to target American citizens and government officials. China might be able to find vulnerabilities and weaknesses that could be exploited for purposes like blackmail. Though none of the accused are in police custody, the administration hopes that by slapping criminal charges on them, it will act as a deterrent and warning to foreign nations who might plan on hacking the American government and corporate servers. Back in 2015, China committed to stopping cyber espionage activities. But the latest case is a clear indication that Beijing has no interest in upholding its promises.
Meanwhile, Equifax reached a US$700 million compensation agreement for the data breach. The majority of the funds will be given to the consumers who were affected by the hack. Mark Begor, CEO of Equifax, believes that companies are not equipped to fight such intrusions from state-backed threats. “Combating this challenge from well-financed nation-state actors that operate outside the rule of law is increasingly difficult… Fighting this cyberwar will require the type of open cooperation and partnership between government, law enforcement, and private business that we have experienced firsthand,” he said in a statement (NPR).
China cyber threat
At the recent “China Initiative Conference,” an event that discussed Beijing’s IP transgressions, William Barr exposed the link between the “Made in China 2025” initiative and trade secret theft. The 10-year-project officially started in 2015 and aims to enable China to produce almost 70 percent of targeted components domestically by 2025. Priority has been given to 10 sectors that range from biopharma to IT.
“Since the announcement of Made In China 2025, the Department has brought trade secret theft cases in eight of the ten technologies that China is aspiring to dominate. In targeting these sectors the PRC employs a multi prong approach engaging in cyber intrusions co-opting private sector insiders through its intelligence services and using non-traditional collectors such as graduate students participating in university research projects,” Barr said in a statement (Sophos).
Christopher Wray, Director of the FBI, revealed that the agency was investigating around 1,000 cases of theft of U.S. technology involving Chinese entities. He warned that Beijing has shown that it is willing to steal its way to become an economic superpower and topple the U.S.