Equifax indictment and the making of a Chinese cyber-attack | Article

0
221

On Jan. 28, 2020, a federal grand jury for the U.S. District Court for the Northern District of Georgia returned an indictment against four members of the Chinese People’s Liberation Army (PLA), a component of the Chinese military. The indictment alleges Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei conspired with one another to hack into Equifax’s computer networks, maintain unauthorized access to those computers, and steal sensitive, personally identifiable information—including names, birth dates, and social security numbers—of approximately 143 million U.S. citizens and another one million citizens in the United Kingdom and Canada.

At a high level, the conspirators evaded detection by routing traffic through approximately 34 servers located in nearly 20 countries to conceal their true location; used encrypted communication channels within Equifax’s network to blend in with normal network activity; and deleted compressed files and wiped log files daily to eliminate records of their activity.

From a broader enterprise risk management standpoint, the Equifax hack serves as a warning to all companies. In a statement, Attorney General William Barr described the Equifax…

Read More…