On February 10, 2020, US Department of Justice officials held a press conference at which they charged four Chinese citizens in absentia. It is reported that Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei were directly involved in the high-profile attack on the Equifax credit bureau in the summer of 2017.
At the same press conference, US Attorney General William Barr said that these hackers are allegedly military personnel, members of China's People's Liberation Army, who also work at the so-called 54th Research Institute, which is often mentioned in connection with hacker attacks.
According to Barr, the defendants stole not only data on 145 million US citizens, but also classified information belonging to the Equifax credit bureau itself.
“The defendants spent several weeks fulfilling various queries to determine the structure of the database, as well as to search for confidential and personal information in the Equifax system.
Having gained access to the files of interest, the criminal group stored the stolen information in temporary files, compressing and separating them in order to eventually send this data from the Equifax network to computers outside the United States. Attackers made about 9,000 requests in the Equifax system, extracting the names, dates of birth and social security numbers of American citizens.
The defendants took measures to avoid detection during the attack. So, they directed traffic to about 34 servers located in almost 20 countries of the world to hide their real location; used encrypted communication channels in the Equifax network to mix with normal network activity; deleted compressed files daily and erased log files, trying to destroy all records of their activity,” the Department of Justice said.
The FBI notes that this is an extremely complicated case, since investigators had very little information at their disposal: the investigation into the Equifax hack started with only 40 IP addresses that were used during the attack.
The massive data leak at Equifax, one of the largest credit history bureaus in the world, became known in 2017. At the time, representatives of the North American division of Equifax reported that unknown attackers had obtained personal information on about 145 million people (324 million people live in the United States), including their social security numbers and driver's licenses, full names, and addresses. Also affected were 15.2 million residents of the UK and about 8,000 Canadian users.
It later emerged that the scale of the incident was even more serious than originally thought. Not only the above data was compromised, but also individual taxpayer numbers (in the USA they are used by those who do not have a social security number), users' email addresses, detailed driver's license data (in particular, dates and places of issue of the documents) and even bank card information.
The attackers compromised the company through a vulnerability in Apache Struts: they exploited CVE-2017-9805, which was fixed in early March 2017. Because Equifax was hacked after the patch was released, the company had time to install the update, but for some reason no one bothered.