Equifax hack high­lights China in­ter­est in US per­sonal data

Baltimore Sun - - ENTERTAINM­ENT - By Frank Ba­jak

BOS­TON — In 2014, the Obama ad­min­is­tra­tion ac­cused five Chi­nese mil­i­tary agents of targeting Pitts­burgh-area in­dus­trial com­pa­nies in­clud­ing West­ing­house Elec­tric, Al­coa and U.S. Steel. Since then, the num­ber of com­pa­nies al­legedly tar­geted by Chi­nese hack­ers has only grown.

Chi­nese Pres­i­dent Xi Jin­ping as­sured then-Pres­i­dent Barack Obama in 2015 his mil­i­tary would stop steal­ing com­mer­cial se­crets from U.S. com­pa­nies. The ev­i­dence in­di­cates that pledge was short-lived, if it was hon­ored at all.

The lat­est in a string of China-linked hack­ing in­ci­dents came with the Mon­day in­dict­ment of four mem­bers of the Chi­nese mil­i­tary for break­ing into the credit-re­port­ing agency Equifax in 2017. The mo­tives ap­pear to be more about es­pi­onage than steal­ing trade se­crets, cy­ber­se­cu­rity ex­perts say.

The state-backed Chi­nese hack­ers al­legedly vac­u­umed up bil­lions of data points on Amer­i­cans that could be used to cross­ref­er­ence data and ob­tain deep in­sights into in­di­vid­ual lives. The data could be used in the re­cruit­ment of spies, and the hack­ers may have seeded cover iden­ti­ties for Chi­nese agents in­side Equifax’s data­bases, said Priscilla Mo­ri­uchi, a for­mer NSA em­ployee now at the cy­ber­se­cu­rity firm Recorded Fu­ture.

Here are the big­gest cases of whole­sale data theft blamed on Chi­nese agents.

Of­fice of Per­son­nel Man­age­ment

In a dev­as­tat­ing blow to U.S. na­tional se­cu­rity, the per­sonal data of more than 21 mil­lion cur­rent, for­mer and prospec­tive fed­eral em­ploy­ees was stolen. Al­though a first hacker was de­tected in March 2014, a sec­ond in­truder went un­de­tected un­til April 2015, by which time data on se­cu­rity clear­ances, back­ground checks and fin­ger­print records had been ex­tracted. A House in­quiry said the hack was likely the work of “Deep Panda,” a group linked to the Chi­nese mil­i­tary.

An­them

Hack­ers stole per­sonal in­for­ma­tion on nearly 80 mil­lion cur­rent and for­mer cus­tomers and em­ploy­ees of the In­di­ana-based health in­surer over at least seven months end­ing in Jan­uary 2015.

Two mem­bers of a hack­ing group op­er­at­ing from China were later in­dicted in the big­gest health care hack in U.S. history.

An­them said it had no ev­i­dence that med­i­cal or fi­nan­cial in­for­ma­tion was taken or that any of the data stolen re­sulted in fraud.

The se­cu­rity f i rm Sy­man­tec said the hack was be­lieved to be the work of a well-re­sourced Chi­nese group it called Black Vine that had been con­duct­ing cy­beres­pi­onage targeting in­dus­tries in­clud­ing aero­space, en­ergy and health care.

Mar­riott

Be­gin­ning in 2014, hack­ers ex­tracted data in­clud­ing credit card and pass­port num­bers, birth dates, phone num­bers and ho­tel ar­rival and de­par­ture dates on as many as 383 mil­lion guests of the ho­tel chain. The breach went un­de­tected for four years and af­fected ho­tels in the Star­wood chain that Mar­riott ac­quired in 2016.

An­a­lysts noted that in­for­ma­tion from ho­tels — com­mon venues of ex­tra­mar­i­tal trysts and cor­po­rate es­pi­onage — could be used for black­mail and coun­teres­pi­onage. On Mon­day, At­tor­ney Gen­eral Wil­liam Barr blamed the hack on Chi­nese agents.

Other ma­jor cor­po­ra­tions and agen­cies

Two hack­ers were in­dicted in De­cem­ber 2018 for ex­ten­sive data theft from ma­jor cor­po­ra­tions in the U.S. and nearly a dozen other na­tions be­gin­ning in 2006, al­legedly on be­half of Bei­jing’s main in­tel­li­gence agency.

They al­legedly ob­tained names, So­cial Se­cu­rity num­bers and other per­sonal in­for­ma­tion of more than 100,000 Navy per­son­nel.

Tar­gets in­cluded NASA’s Jet Propul­sion Lab and God­dard Space Cen­ter. The in­dict­ment said more than 45 tech­nol­ogy com­pa­nies were tar­geted by the group, known as “Stone Panda,” and that other vic­tims spanned strate­gic in­dus­tries from aero­space to fac­tory au­to­ma­tion, lab­o­ra­tory in­stru­ments and biotech­nol­ogy.

FBI

A wanted poster shows four mem­bers of China’s People’s Lib­er­a­tion Army who are wanted by the FBI.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.