Chinese charged for Equifax breach and 80% of economic espionage cases

[justpoet]

Recent news worth noting. Privacy and digital security are rather serious, even if most people think it is ok to trade them away, it really isn’t. The more places have more data, the easier this sort of thing becomes with more targets.  Additionally, this gives full credence to the US accusations of various manipulations, and multiple countries worries about Chinese state sponsored infrastructure hardware possibly making items like this easier in the future, as they have shown it to be systemic and by design as a nation.

 

Quote

in a single breach, the PLA obtained sensitive personally identifiable information for nearly half of all American citizens.

Quote

AG Barr also said that roughly "80 percent of our economic espionage prosecutions have implicated the Chinese government, and about 60 percent of all trade secret theft cases in recent years involved some connection to China."

https://www.bleepingcomputer.com/news/security/us-charges-chinese-military-hackers-for-equifax-breach/

https://www.documentcloud.org/documents/6772799-Wu-Zhiyong-Indictment.html

https://www.justice.gov/opa/speech/attorney-general-william-p-barr-announces-indictment-four-members-china-s-military

Edit: video added from comments:

 

Edited February 11, 2020 by justpoet
Video added from comments

[ARikozuM]

Annnddd we're just scapegoating private companies from responsibility in the first place. 

 

Also, does anyone know if the US has an extradition agreement with China?

[Arika]

you could implicate any country or find a connection to any country's government in any data breach if you look hard enough.

[Donut417]

12 minutes ago, ARikozuM said:

Annnddd we're just scapegoating private companies from responsibility in the first place. 

 

Also, does anyone know if the US has an extradition agreement with China?

China wont hand over one of their own. Also, this hacking is acutally the Chinese government doing it. So..... they definatly are not going to hand over government offical(s). 

[justpoet]

19 minutes ago, ARikozuM said:

Annnddd we're just scapegoating private companies from responsibility in the first place. 

 

Also, does anyone know if the US has an extradition agreement with China?

Equifax isn’t being left off the hook, they already have had a lot against them as a result of this.  The big difference here is that this is actual direct Chinese govt, not just actors in China.

[ARikozuM]

1 minute ago, justpoet said:

Equifax isn’t being left off the hook, they already have had a lot against them as a result of this.  The big difference here is that this is actual direct Chinese govt, not just actors in China.

I think they are being let off the hook. It wasn't Equifax's "fault" when the Chinese gov't did the hacking. It basically puts all of the security and funding onto the US gov't to prevent rather than the company themselves. 

[SpikeSpiegel]

U.S. Attorney General Bill Barr and other Justice Department officials will hold a press conference to announce a cyber-related enforcement action.

 

These 4 Chinese hackers were Military Hackers.

[RonnieOP]

1 hour ago, Arika S said:

you could implicate any country or find a connection to any country's government in any data breach if you look hard enough.

Not at all really.

 

 

[williamcll]

Gee I wonder what Hardware Equifax used, clearly they should be banned if its vulnerable to Hackers that only have English as a second language (or not a all)

[SpaceGhostC2C]

4 hours ago, justpoet said:

Equifax isn’t being left off the hook, they already have had a lot against them as a result of this. 

Right, like... getting a huge data management contract from the government?

Or maybe it's the mitigation actions they offered, but which you had to pay for?

[TempestCatto]

Not even our noods are safe anymore

[Soppro]

Seeing as these military officers are not currently located in the US, and are instead based in China, I doubt they will ever see any punishment, just like the perpetrators of every other major breach by the Chinese. 

 

Sure there is a better way of bringing these people to justice, right now in the event of these large breaches, half the time we don't even know who exactly planned and carried out these attacks (seeing as they got to this point makes me impressed), and even if we do know, we aren't able to prosecute them (because the country they reside in won't extradite them, etc.)

 

So right now, it makes sense for the Chinese to continue breaching international companies and taking their trade secrets & intellectual property because there are no repercussions for them.

[weeblord]

5 hours ago, ARikozuM said:

Annnddd we're just scapegoating private companies from responsibility in the first place. 

 

Yeah, companies that especially focus on banking need to reevaluate their security level. "Oh yeah, you got your account details for your 401k hacked" is not something people want to hear.

[justpoet]

1 minute ago, weeblord said:

Yeah, companies that especially focus on banking need to reevaluate their security level. "Oh yeah, you got your account details for your 401k hacked" is not something people want to hear.

This is one of the many reasons multi-factor auth, and not just with an sms pin number that's useless, need to be required for any and all financial transactions.

[SpikeSpiegel]

Most major banks uses Equifax and I was lucky enough not to get my personal information stolen.  My bank branch got rid of Equifax years before this happened.  So I'm glad that it didn't affect me.  However my parents aren't too happy about their personal information being stolen.

[kirashi]

5 hours ago, ARikozuM said:

I think they are being let off the hook. It wasn't Equifax's "fault" when the Chinese gov't did the hacking. It basically puts all of the security and funding onto the US gov't to prevent rather than the company themselves. 

Um no. As a consumer, HARD no - we should not have to rely on any single party to ensure our data is secure, as properly encrypted data would be secured at rest & in transit, only visible to those with the key, whatever said key may be. This means that in an ideal world, zero identifiable information would be decryptable without a users' express consent, each and every time said information is accessed.

 

Unfortunately, until companies prioritize privacy over profits, this is out of our control, save for choosing to never utilize services you have no control over, of which Equifax is one. Mind you, I suppose you could go back to hoarding all your cash in a safe designed & built by yourself, hidden in a bunker 50 floors below sea level, but then you'd have to decide whether that's a compromise you'd be willing to make compared to storing your money in an insecure financial institution.

 

To be clear, I do indeed utilize services by companies whose focus does not include my privacy, but only because there's either a) no other option or b) I actively choose to. For example, I require a Facebook profile in order to manage my IT clients' Business Pages, so instead of deactivating my Facebook, I choose to keep it active, albeit with extremely tightened privacy settings.

[Bombastinator]

Find me a reference other than FOX news.  They’re not quite the absolute bottom of the barrel but they’re down there.  I suspect their numbers are not out and out false but they like to massage things.  Might be true.  Almost certainly at least partially true.  It can be a pretty big “partial” with FOX though.  They tend to go for very very heavy spin.

[ARikozuM]

@kirashi Just for clarification, I am saying that the US government basically just gave Equifax a pass on any harm and damages they've been involved in. No evidence was provided by AG Barr for the hack and it basically states that Equifax could do nothing about it because the Chinese government was the attacker. 

 

If anything Equifax should be put under massive scrutiny and auditing for security for a few years as well as having to pay far more in damages than the original settlement.

[LAwLz]

Blaming the Chinese these days are basically like blaming "the jews", "muslims", or "the negros".

It seems like the Chinese are a scapegoat for everything. Whenever something bad happens, people instantly jump and pile on the Chinese as some kind of boogeyman.

[Arika]

6 minutes ago, LAwLz said:

It seems like the Chinese are a scapegoat for everything

it's those damn video games!

[Bombastinator]

8 minutes ago, LAwLz said:

Blaming the Chinese these days are basically like blaming "the jews", "muslims", or "the negros".

It seems like the Chinese are a scapegoat for everything. Whenever something bad happens, people instantly jump and pile on the Chinese as some kind of boogeyman.

“People” may be a slight misnomer.  Not all people.  There do seem to be groups that drive for it though.

[justpoet]

7 hours ago, Bombastinator said:

Find me a reference other than FOX news.  They’re not quite the absolute bottom of the barrel but they’re down there.  I suspect their numbers are not out and out false but they like to massage things.  Might be true.  Almost certainly at least partially true.  It can be a pretty big “partial” with FOX though.  They tend to go for very very heavy spin.

Did you not read the post before attacking the FOX video?

The fox news video was added from comments well after the source articles and OP, including the direct indictment documents and the justice department release information.

[weeblord]

9 hours ago, justpoet said:

This is one of the many reasons multi-factor auth, and not just with an sms pin number that's useless, need to be required for any and all financial transactions.

But even if two-factor authentication was an option on every banking site, how many people would really use it? 60%? 50% 30%? Some people are just too lazy.

[Bombastinator]

1 hour ago, justpoet said:

Did you not read the post before attacking the FOX video?

The fox news video was added from comments well after the source articles and OP, including the direct indictment documents and the justice department release information.

No.  The first post has the Fox News article in it.  This is reading a bit odd.  The first post in the thread is apparently full of quotes, like the front end was chopped off.  There are some other links but they’re more or less unreadable legislation documents and they’re specific to a single thing, and they appear to be announcements from Barr, a super stalwart not well known for his veracity either.  I can’t tell what they say.  As for “attacking” the FOX news thing, I’m just stating what they are.  That’s not an attack it’s an observation.  If there are other references there are other references.  Except there aren’t any visible.

[Taf the Ghost]

6 hours ago, LAwLz said:

Blaming the Chinese these days are basically like blaming "the jews", "muslims", or "the negros".

It seems like the Chinese are a scapegoat for everything. Whenever something bad happens, people instantly jump and pile on the Chinese as some kind of boogeyman.

It really, really isn't. China State Digital Espionage, especially for business IP, has been a problem for 20+ years. Governments lie all of the time, but it doesn't mean China doesn't use stealing R&D as a State Policy. Because it is. The fund a digital army and use it constantly. 

 

China's only comparative advantages has been stealing R&D and bribing officials of other countries to sell out their own industries. It's worked great for Chinese officials and the non-Chinese officials that they bribed, but it's most of the reason we're edging toward Open Trade Wars. This is very real and has done extremely damage across the globe.