Four People’s Liberation Army (PLA) Members Charged Over 2017 Equifax Breach

By Jarren Buendia on February 28, 2020

Executive Statement:

According to both The Guardian and Wired, the Department of Justice (DOJ) has officially indicted four members of the Chinese People’s Liberation Army (PLA), by name, over the 2017 Equifax data breach. Neither report states explicitly how the DOJ reached this conclusion, but the Wired article notes that the indictment follows a “years-long investigation.” If the allegations are true, this would amount to a foreign government compromising a US-based credit monitoring company in order to obtain personally identifiable information (PII) on millions of Americans.

Open Source Intelligence (OSINT) Details:

First, a refresher on the 2017 Equifax breach. According to the Wired article recapping the incident, in mid-to-late 2017 the Apache Software Foundation announced that a critical vulnerability existed in its Apache Struts software. In short, an attacker able to exploit the vulnerability would have unfettered access to the web application, and that is apparently what happened. The attackers gained a foothold in Equifax’s back-end databases and began gathering information via SQL queries. Again according to the Wired article, the attackers ran around 9,000 queries over a span of weeks, obtaining PII on over half of all Americans (about 147 million people in total).
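As an added, constructed example (not from this report or any of the sources it cites), the following routine flags a database principal whose daily statement count jumps far above its own recent baseline, the kind of volume anomaly that a weeks-long run of roughly 9,000 queries from a web-tier account would represent. The audit-line format, account names, client address and dates are assumptions.

```python
from collections import defaultdict
from datetime import datetime


def _lines(user, day, n, stmt):
    """Generate n constructed audit lines: <ISO timestamp>|<db user>|<client>|<statement>."""
    return [f"2017-05-{day:02d}T{10 + i % 12:02d}:{i % 60:02d}:00|{user}|10.0.0.5|{stmt}"
            for i in range(n)]


# Constructed sample: the web-tier account normally runs a handful of point
# lookups per day, then on one day issues 40 bulk reads of PII columns, while
# a reporting account runs a steady 20-25 statements per day.
SAMPLE_LOG = "\n".join(
    _lines("webapp_ro", 10, 3, "SELECT name FROM consumer WHERE id=?")
    + _lines("webapp_ro", 11, 4, "SELECT name FROM consumer WHERE id=?")
    + _lines("webapp_ro", 12, 40, "SELECT ssn, dob FROM consumer WHERE id>?")
    + _lines("reporting", 10, 20, "SELECT count(*) FROM consumer")
    + _lines("reporting", 11, 22, "SELECT count(*) FROM consumer")
    + _lines("reporting", 12, 25, "SELECT count(*) FROM consumer")
)


def parse_log(text):
    """Return (user, date) pairs, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4:
            continue
        day = datetime.fromisoformat(parts[0]).date().isoformat()
        records.append((parts[1], day))
    return records


def flag_anomalies(text, baseline_days=2, factor=5):
    """Learn each user's peak daily count over its first baseline_days,
    then report any later day exceeding factor times that peak."""
    per_user = defaultdict(lambda: defaultdict(int))
    for user, day in parse_log(text):
        per_user[user][day] += 1
    alerts = []
    for user, days in per_user.items():
        ordered = sorted(days)
        baseline = max((days[d] for d in ordered[:baseline_days]), default=0)
        for d in ordered[baseline_days:]:
            if days[d] > factor * baseline:
                alerts.append((user, d, days[d]))
    return sorted(alerts)
```

Run against `SAMPLE_LOG`, only the web-tier account's third day is reported; a steady high-volume account such as the reporting user is not, because it is compared against its own history.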

The four PLA members charged by the DOJ include: Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei.

According to The Guardian, there has been an extensive US campaign to snuff out Chinese espionage operations: “Since 2018, the US has snared a growing group of Chinese government officials, business people and academics allegedly pursuing American secrets.” As mentioned above, the reasoning behind these indictments is not explicitly stated. However, between OSINT reports and statements from the DOJ, the connection appears at least plausible.

Potential Impacts:

The Equifax breach is not the first incident allegedly tied to Chinese espionage. It is noteworthy, however, because of the number of people affected (about half the total population of the US) and the information that could have been gathered (full names, Social Security numbers, birthdates, etc.). To put this in perspective, two out of every four people in a room could be at risk of identity theft, since everything a malicious actor needs to open a fraudulent credit line was gathered in the breach. More importantly, if those two out of every four people in a room are government and/or military personnel, the breach becomes more concerning still.

Significance:

Although the main story is that Equifax was hacked in 2017, the fact that the US has charged foreign citizens is the reason this story has resurfaced. According to the BBC, Chinese foreign ministry spokesman Geng Shuang publicly denied these claims and stated that “China was itself a victim of cyber-crime, surveillance and monitoring by the US.” Additionally, according to another Wired article, the DOJ indictments are “[…] almost certainly the first time the four attacks had been publicly linked by a government official.” The four attacks referred to are: the 2013 federal Office of Personnel Management (OPM) breach, the 2015 Anthem health insurance data breach, the 2017 Equifax breach, and the 2018 Marriott hotels breach. Each of the articles referred to in this report draws the same general conclusions, citing officials and inside sources. If unrelated attackers were behind each of the four breaches mentioned above, it would already be dangerous for so many US citizens’ personal information to be out in the wild. However, if the US has indicted Chinese nationals over the Equifax breach and linked the other attacks as well, then not only have we “pointed the finger” at China, but it also means that all the data gathered from each breach has been captured by one overall entity. Referring one last time to the Wired article, “US officials now worry whether they can work undercover overseas at all.” The reason given is that “The effort required to circumvent [Chinese recognition capabilities] at border crossings and on street corners seem increasingly Sisyphean.”

Sources:

“China’s Hacking Spree Will Have a Decades-Long Fallout.” 11 Feb 2020. Retrieved From: wired.com. Retrieved: 25 Feb 2020.

“Credit firm Equifax says 143m Americans’ social security numbers exposed in hack.” 7 Sep 2017. Retrieved From: theguardian.com/us-news. Retrieved: 18 Feb 2020.

“Equifax hack: credit monitoring company criticized for poor response.” 8 Sep 2017. Retrieved From: theguardian.com/technology. Retrieved: 18 Feb 2020.

“Equifax: US charges four Chinese military officers over huge hack.” 11 Feb 2020. Retrieved From: bbc.com. Retrieved: 25 Feb 2020.

“How 4 Chinese Hackers Allegedly Took Down Equifax.” 10 Feb 2020. Retrieved From: wired.com. Retrieved: 18 Feb 2020.

“US charges four Chinese army members over giant Equifax hacking breach.” 10 Feb 2020. Retrieved From: theguardian.com/technology. Retrieved: 18 Feb 2020.