In September 2017, credit reporting giant Equifax came clean: It had been hacked, and the sensitive personal information of 143 million US citizens had been compromised, a number the company later revised up to 147.9 million. Names, birth dates, Social Security numbers, all gone in an unprecedented heist. On Monday, the Department of Justice identified the alleged culprit: China.

In a sweeping nine-count indictment, the DOJ alleged that four members of China’s People’s Liberation Army were behind the Equifax hack, the culmination of a years-long investigation. In terms of the number of US citizens affected, it’s one of the biggest state-sponsored thefts of personally identifiable information on record. It also further escalates already tense relations with China on multiple fronts.

“This kind of attack on American industry is of a piece with other Chinese illegal acquisitions of sensitive personal data,” US attorney general William Barr said at a press conference announcing the charges. “For years we have witnessed China’s voracious appetite for the personal data of Americans.”

From there, they feasted. The indictment alleges that the hackers first ran a series of SQL commands to find especially valuable data. Eventually, they located a repository of names, addresses, Social Security numbers, and birth dates. The DOJ says the interlopers ran 9,000 queries in all, not stopping until the end of July.

Amassing that much data is one thing; getting it out undetected is another. China’s hackers allegedly used a few techniques to maintain access to the motherlode.

According to the DOJ, they stored the stolen data in temporary files; especially large files they compressed and broke up into more manageable sizes. (At one point, the indictment says, they split an archive containing 49 directories into 600-megabyte chunks.) That kept their transmissions small enough to avoid suspicion. After they had exfiltrated the data, they deleted the compressed files to minimize the trail.

It also helped that they were deep enough inside Equifax’s network that they could use the company’s existing encrypted communication channels to send their queries and commands. It all looked like normal network activity.

The indictment also details how the PLA team allegedly set up 34 servers across 20 countries to infiltrate Equifax, making it difficult to pinpoint them as a potential problem. They used encrypted login protocols to mask their involvement in those servers, and in at least one instance wiped a server’s log files every day.

Take one incident detailed by the DOJ: On July 6, 2017, one of the hackers accessed the Equifax network from a Swiss IP address. They then used a stolen username and password for a service account to get into an Equifax database. From there, they queried the database for Social Security numbers, full names, and addresses, and stored them in output files. They created a compressed file archive of the results, copied it to a different directory, and downloaded it. Data safely in hand, they then deleted the archive.

Repeat over the course of several weeks, and you wind up with 147.9 million people’s information allegedly in the hands of a foreign government.

While the operation had a certain degree of complexity, Equifax itself made their job much easier than it should have. It should have patched that initial Apache Struts vulnerability, for starters. And an FTC complaint from last summer also found that the company stored administrative credentials in an unsecured file in plaintext. It kept 145 million Social Security numbers and other consumer data in plaintext as well, rather than encrypting them.