from the Funder-of-identity-protection-services dept.
Equifax: US charges four Chinese military officers over huge hack:
The US has charged four Chinese military officers over the huge cyber-attack of credit rating giant Equifax.
More than 147 million Americans were affected in 2017 when hackers stole sensitive personal data including names and addresses.
[...]Announcing the indictments, Attorney General William Barr called the hack "one of the largest data breaches in history".
According to court documents, the four are allegedly members of the People's Liberation Army's 54th Research Institute, a component of the Chinese military.
They spent weeks in the company's system, breaking into security networks and stealing personal data, the documents said.
The nine-count indictment also accuses the group of stealing trade secrets including data compilation and database designs.
(Score: 1, Insightful) by Anonymous Coward on Tuesday February 11 2020, @12:56AM (6 children)
Sure thing.
Now, who REALLY did it?
(Score: 0) by Anonymous Coward on Tuesday February 11 2020, @12:58AM
The Joker
(Score: -1, Troll) by Anonymous Coward on Tuesday February 11 2020, @02:01AM (3 children)
Don't forget just WHO opened Pandora's Box, i.e. global access to Dear China. Mr Bill Clinton, the Manchurian Candidate.
(Score: 5, Informative) by barbara hudson on Tuesday February 11 2020, @02:10AM
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: -1, Offtopic) by Anonymous Coward on Tuesday February 11 2020, @02:26AM (1 child)
World Health Organization? Just by itself?
(Score: 0) by Anonymous Coward on Tuesday February 11 2020, @04:06PM
The GP probably meant Who Choi Li, the shift supervisor of the four saps in TFA.
(Score: 2) by barbara hudson on Tuesday February 11 2020, @02:16AM
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 5, Insightful) by Runaway1956 on Tuesday February 11 2020, @01:03AM (5 children)
Wake me up when they indict Equifax for incompetence and malfeasance. Let me repeat my oft-repeated refrain: The data shouldn't be accessible from the internet. So long as lazy cheapskates make it available, people are going to "hack" into it.
(Score: 5, Touché) by c0lo on Tuesday February 11 2020, @01:12AM
I don't think you have the money for cryopreservation until the heat death of the Universe.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 5, Informative) by krishnoid on Tuesday February 11 2020, @01:49AM
Or when Barr admits that "Getting the Imperial Senate to swear an oath to act as impartial jurors while stating publicly that they wouldn't" was "one of the biggest governmental hacks in history".
(Score: 3, Informative) by Anonymous Coward on Tuesday February 11 2020, @01:55AM (1 child)
And you can wake me up when US Government hackers get indicted for hacking Chinese infrastructure. Or Russian. Or, FFS, German.
(Score: 2, Funny) by khallow on Tuesday February 11 2020, @06:39AM
(Score: 3, Informative) by DavePolaschek on Tuesday February 11 2020, @12:20PM
I’d go farther. The data shouldn’t have been collected in the first place, and as with the Wacom article, I hope it gets treated as a liability rather than an asset.
(Score: 2, Interesting) by Anonymous Coward on Tuesday February 11 2020, @02:10AM (1 child)
China drains everyone's bank accounts that were hacked through Equafux and FDiC won't cover it because it's an act of (cyber)war.
(Score: 0) by Anonymous Coward on Tuesday February 11 2020, @02:13AM
s/China/Trump/
(Score: 4, Insightful) by dltaylor on Tuesday February 11 2020, @03:07AM (5 children)
their unwillingness (to spend the money) to secure the data makes them the more responsible party, no matter who the administration tries to blame. This is just more smoke and mirrors to deflect any effort to make corporate America protect the data they've collected.
(Score: 4, Informative) by stretch611 on Tuesday February 11 2020, @03:33AM (2 children)
I agree.
Though it would not surprise me in the least to find out the attack was perpetrated by 4 Chinese military hackers, Equifax is still negligent. I distinctly remember back then that reports said that the webserver that was hacked did not have all the security updates applied for a few months.
Admittedly, I do not doubt that even a fully patched server is vulnerable to state sponsored hackers (including the NSA as well as chinese military.) However, if you are so lazy to not even update your software regularly, it is only a matter of time before somebody hacks you, whether it is state sponsored, or a teenage nerd on his lunch break in the high school computer lab. And equifax knows that having the credit information on practically every us citizen (and more) is a big red bullseye.
Honestly, IMHO, Equifax as a company should have been removed from existence for their mistakes leading up to this.
Now with 5 covid vaccine shots/boosters altering my DNA :P
(Score: 3, Interesting) by sjames on Tuesday February 11 2020, @07:21AM
Equifax et. al. should have been removed from existance well before that. They accept hearsay as gospel then gossip it to any who pay them. Then they magnanimously allow consumers to pay them to see what is being gossiped about them and perhaps even correct some of it.
To compound that, THEN they leaked 147 million "ID theft kits". That really throws more than just reasonable doubt over every last bit of data they have, but they continue pretending it's all gospel with zero investigation.
(Score: 0) by Anonymous Coward on Tuesday February 11 2020, @07:31PM
Yes. But too big to fail.
(Score: 0) by Anonymous Coward on Tuesday February 11 2020, @06:16AM (1 child)
Equifax is setting up shop here in Australia - on a massive hiring spree from CTO level down.
(Score: 2) by sjames on Tuesday February 11 2020, @07:23AM
You should kill them all on sight.
(Score: 0) by Anonymous Coward on Tuesday February 11 2020, @02:26PM (1 child)
What is in it for China?
Lacking that, it seems less than plausible.
(Score: 0) by Anonymous Coward on Tuesday February 11 2020, @04:20PM
I think this is a good question, but I'd also ask another one in addition. How would we know?
Increasingly we're claiming omniscience on things where you simply cannot know. Imagine for instance I took the most pedestrian level of anonymizing and I chose to connect to this website using TOR. My identity would be, for all intents and purposes, effectively impossible to discern. And that is civilian level protection. I've no idea what our guys (or theirs) are doing, but I suspect it's rather more sophisticated. Now let's take this one step further. Imagine I'm a hacker from one nation and not only have I hacked your grossly insecure servers, but I've also left a footprint to try attribute blame to another party. The NSA had a one of their fancy acronyms for our methods of doing such and deemed them highly effective.
And somehow you get this down to not only the country, and not only the vicinity, but literally 4 exact people? Erm.. okay. Well okay, perhaps we have some high level spies in Chinese intelligence. That's possible, if not probable. I expect they similarly have spies inside of our institutions. Yet if so, why in the hell would you defacto announce this and give China a huge datum on where the mole is?
So much of our propaganda against Russia and China is increasingly failing the smell test. It's possible there are some esoteric 4d level chess and strategies beyond human comprehension being played out, but it's also possible that a lot of this is just plain old hamfisted propaganda. And I think Occam's razor is pointing pretty squarely towards the latter.