Justice Dept. Charges China-backed Hackers Over Equifax Breach (techcrunch.com)
U.S. prosecutors have charged four hackers said to be working for the Chinese military for the 2018 cyberattack at Equifax, which led to the theft of more than 147 million credit reports in a massive data breach. From a report: Attorney general William Barr accused the four members of the Chinese People's Liberation Army of hacking into the credit giant over a period of several months. The nine-charge indictment was announced Monday against Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei. "This is the largest theft of sensitive PII by state-sponsored hackers ever recorded," said FBI deputy director David Bowdich. Equifax revealed the data breach in September 2017, months after it discovered hackers had broken into its systems. An investigation showed the company failed to patch a web server it knew was vulnerable for weeks, which let hackers crash the servers and steal massive amounts of personal data.
I was a victim of the Equifax breach (Score:5, Insightful)
Re: (Score:2)
A nickel discount on any of the cheap shit they export.
Re: (Score:2)
Re: (Score:2)
Priority enlistment?
Your compensation was a free vulnerability scan (Score:3)
Re: (Score:2)
good luck jim (Score:2)
nabbing those 4 guys from China...
Re: (Score:2)
Good luck for those 4 guys to travel internationally and live the Good Life(TM), "Jim."
I don't care (Score:2)
Re: (Score:2)
I refused to accept their offer, and refused to opt out, and so I was unilaterally offered free credit monitoring for as long as I stay with the same bank.
It sounds like you didn't understand your negotiating position. ;)
Re: I don't care (Score:1)
OPM isn't a bank. It's the Office of Personnel Management. Basically, it is HR for the Federal government. Since I had to undergo a security clearance check, fingerprinting, FBI background check, etc., they had pretty much EVERYTHING on me and all those other people.
My negotiating power was exactly zero. IIRC, the letter did sort of say "sorry, not sorry!" But that was as close as they got to giving a shit.
China now
Re: (Score:2)
social score (Score:2, Funny)
What about incompetent Equifax executives (Score:5, Insightful)
who did not bother to ensure that a known vulnerability was patched months after a fix was available?
Re: (Score:2)
Executives don't patch systems
Re: (Score:3)
Executives don't patch systems
No: but they should understand enough to know that application of patches needs to be done. So they must ensure that it is done. The buck stops with them, which is why, supposedly, they are paid large salaries.
Re: (Score:2)
Re: (Score:2)
If you're relying on what you learnud in skool to manage your computer security, that already implies you don't read the manual, don't have any clue what the current state of the art is, and are hazardous to the process.
Re: (Score:3)
Many of them were canned, actually. People on Slashdot love to claim that none of the executives ever got in trouble because there weren't big headlines when the hammer came down on the individuals involved, but the truth of the matter is that...
- Their CEO at the time, Richard Smith, was forced to resign within weeks of the disclosure
- Their CIO, David Webb, was canned immediately after the hack was disclosed
- Their CSO, Susan Mauldin (who had a Music major and apparently no technical experience), was cann
Re: (Score:2)
So far as I could tell, only the CEO had one (which was admittedly worth tens of millions of dollars), which one article I read said was due to the board allowing him to resign. The rest were fired for cause and had no golden parachute, from what I could gather.
Re: (Score:2)
As an aside, what'd you do to piss someone off? A quick glance at your post history makes it look like you're getting posts modded down for no good reason.
Where are the details & evidence? (Score:1)
The details contained in the charging document are allegations. The defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
Sounds like they don't need any facts or evidence judging by the responses.
Re: (Score:3)
I honestly don't know what information I should trust anymore.
China isn't trustworthy.
And the United States has dropped all pretense of being the responsible country in the world. So they are just as prone to outright lying too.
Any news source I follow has a political bias, which I cannot trust, and social media is pure crap.
Don't trust any government,
Don't trust the media,
Don't trust companies,
Don't trust not-for-profit,
Don't trust schools and universities....
For some things I can collect the data myself
Re: (Score:2)
Now you know why so many people are dying of fentanyl overdoses, and why zoomers and millennials avoid anything that makes them put down roots: they're in fight-or-flight all the time because the entire world is hostile to them, they can't count on anything or anyone to not fuck them over, and owning anything like a house or a car, so far as they're concerned, just slows them down when they have to grab their 'go bag' and run
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
The real guilty ones are the ones not patching the server.
Well, that's all of us then. I didn't patch the server either.
Or maybe you've just never worked for a large organisation and don't understand the complexities involved.
If anything these 4 are guilty of entering a house where they left the door open
Oh, victim blaming. Classy.
Re: (Score:2)
50% agree. (Score:2)
Re: (Score:2)
The real guilty ones are the ones not patching the server.
Uh, they used admin/admin to secure a web portal.
Please tell us where the "patch" is for Fucking Stupid. Intelligent humans really want to know.
Re: (Score:2)
Re: (Score:2)
You enter a house with the door open without being invited in, in most areas you can be legally shot by the owner.
Also, if you enter the house, sift through the paperwork and copy the data, you are stealing the data, just not the physical papers. What is stolen is intellectual property (stuff that I know that I don't want you to know).
Yes, companies should be held responsible for data breaches; however, the hackers are not innocent, and actually deserve the brunt of the punishment.
Re: (Score:2)
Stolen data (Score:2)
Was the data actually leaked or distributed?
Re: (Score:2)
Next up: (Score:2)
Indictments for mass sales of personal data to the government (US) collected by the apex social media and Google.
Why just these four individuals? (Score:4, Insightful)
Why just these four individuals? If this hack was "state-sponsored" as Mr Bowdich claims, then why doesn't the indictment include president Xi Jinping?
Isn't an act of aggression committed against a country, committed under orders of the leader of a foreign nation, what we call an act of war? If China has committed an act of war against the US, then why doesn't the US do what is supposed to be done in these cases, which is recall its ambassador and all diplomatic staff, close all embassies, sever all diplomatic relations, and order all US economic entities and businesses to pull out of the country?
Always bowing down to the leaders of a genocidal murderous repressive totalitarian regime and avoiding offending them so you can keep doing "business" with them is not diplomacy, it's hypocrisy and cowardice.
Re: (Score:1)
However if you're expecting we respond with military force then you're going to be disappointed, because only a total madman would do that. There is such a thing as a 'proportionate response' and using military force is not 'proportionate' in this case.
An all-out war between superpowers in the year 2020 would more-or-less end civilization as we know it on this planet. We have nukes, China has nukes, and between us we could make this planet uninhabitable. Eve
Re: (Score:2)
Equifax executives should be charged (Score:4, Insightful)
Blame China or Equifax (Score:2)
I sort of blame Equifax, maybe more than China.
Chinese hackers did what everyone expected of them.
Equifax?
I'd like to think that effective security from Equifax is something we should expect of them.
Now we know who, and *why*. (Score:2)
Just this news alone could cause mass panic. Imagine everyone pulling all their money out of U.S. banks, like they did when the Great Depression started. That alone would wreck our economy.
Re: (Score:2)
You mean that data that was so badly secured that a bright teenager could get it?
Remind me again... (Score:1)
risk (Score:2)
Has the class action compensation come out yet? (Score:3)
That was like a year ago or so now? I haven't heard anything since then. Anyone know if they're just still working on it or something?
Hold on a sec (Score:1)
Re: (Score:2)
Indeed. If these Chinese had anything to do with the attack at all, all they did was walk in an invitingly open door.
Re: (Score:2)
And what about the ones responsible at Equifax? (Score:2)
I mean, long-term unpatched Internet-facing servers are basically an invitation. No actual "hacking" was required to get in. Also, no or broken internal network segmentation, no DLP, no anomaly-detection, essentially nothing. Negligence does not get more gross than this.