How Chinese army hackers allegedly stole personal info

How Chinese army hackers allegedly stole personal info


Chinese military hackers exploited a flaw in software that allowed U.S. consumers to dispute problems with their Equifax credit reports, giving the hackers access to the personal information of 145 million Americans, according to a criminal indictment unsealed Monday.

The 2017 breach occurred after Equifax security officials failed to install a software upgrade that had been recommended to seal off digital intruders from obtaining access to the names, birth dates and social security numbers of the victims, the indictment says.

The U.S. Department of Justice on Monday announced that a federal grand jury in Atlanta had delivered a nine-count indictment accusing four hackers and members of China’s People’s Liberation Army – Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei – of serving as masterminds of the hack.

FBI Deputy Director Bowdich said there’s no evidence the Chinese military has used the stolen information for any illegal purposes. But he said the “brazen theft” illustrates that “China is one of the most significant threats to our national security today.”

Equifax hacking:Four members of Chinese army charged with stealing 145 million Americans’ data

Security group:Equifax had patch 2 months before hack and didn’t install it

FILE- This July 21, 2012, file photo shows signage at the corporate headquarters of Equifax Inc. in Atlanta. On Wednesday, March 28, 2018, Equifax announced that Mark Begor will become its CEO as the credit reporting company continues to try to recover from fallout surrounding a massive data breach. (AP Photo/Mike Stewart, File) ORG XMIT: NYBZ327

From a technical perspective, the breach unfolded like a classic robbery.

The criminals identified a flaw in Equifax’s security system, executed a plan of attack to penetrate the system and devised a scheme to cover their tracks on their way out.

According to the indictment, the hackers:

• Recognized that Equifax had failed to install an upgrade to Apache Struts software, which Apache had recommended around March 7, 2017, and was then flagged by the U.S. Computer Emergency Readiness Team as a security threat. The software underpinned an online portal that allowed consumers to dispute their credit report details. 


Source link

Categorized as Top Stories

By Javier Manning

Javier has been in the field of content writing for almost 8 Years as he hails from the Biotechnology background. The edifying articles portray her craving towards language. His keen hobby of reading technological innovations related books or articles has sown the seed of being a well-versed editor with the current scenario of numerous industry verticals. He is one of the valuable assets to this publication. The Industry News Press has awarded him with a senior editors post based on his skillful performance to date.