Not long ago, it seemed that Iran was the central cyberthreat to the U.S., at least in terms of immediacy.
As reported in this space last month, in the wake of an airstrike by the U.S. that killed Qassem Soleimani, head of Iran’s Quds force, agencies and businesses were on heightened alert for attacks on U.S. cybersecurity waged from Iran.
That threat seems to have receded a bit, and recent headlines underscore the fact that the battle to protect data and intellectual property (IP) is one that is waged on several fronts. And this time around, the salvos come from a key trading partner with whom a far-reaching trade pact has just been struck.
Monday (Feb. 10) saw the news that four members of the Chinese People’s Liberation Army (PLA) have been indicted by the United States in connection with the Equifax hack where data connected to 145 million Americans was stolen.
The indictment unsealed Monday spans nine counts, and charges the suspects in connection with their activities with the army’s 54th Research Institute, which operates as part of the Chinese military.
The federal indictment alleges the suspects stole personal information of 145 million Americans. The indicted were identified as Wang Qian, Wu Zhiyong, Xu Ke and Liu Lei.
In the words of U.S. Attorney General William Barr, “This was a deliberate and sweeping intrusion into the private information of the American people.”
Beyond the mechanics of the hack itself it should be noted that the indictment might point to a new front on the continuing cyberwar that now involves state actors targeting the United States.
The hacks and cyberattacks occurred from May until July 2017, and among the data stolen were names and Social Security numbers for 145 million Americans and driver’s license numbers for 10 million Americans. The theft reached beyond U.S. borders, as data tied to about a million citizens of the U.K. and Canada were also compromised.
Deputy FBI Director David Bowdich, as quoted by Yahoo Finance, said this is the largest instance of what is termed “state sponsored theft” in history.
“In a single breach, the PLA obtained sensitive personally identifiable information for nearly half of all American citizens,” prosecutors wrote.
The indictment comes after a trade pact struck between the U.S. and China that gave the nod to the lure of data, and the value of data on a geopolitical stage. The indictment also states that in addition to compromising and stealing data, the defendants have been charged with stealing trade secrets that included details about Equifax tied to how it compiles and uses data.
As stated in the trade pact, “The United States emphasizes trade secret protection. China regards trade secret protection as a core element of optimizing the business environment. The Parties agree to ensure effective protection for trade secrets and confidential business information and effective enforcement against the misappropriation of such information.” The indictment brings up an interesting question in the wake of the language in the trade agreement: Will China hand over those suspected of the attacks? Or will it be assumed that China will show some good faith and pursue them?
Back in 2017, retired Admiral Jim Stavridis told PYMNTS that cyberattacks are “military, geopolitical, national [and] financial.” The indictment against four Chinese nationals acting in service to China seems to tick off all those boxes — and put none of these issues to rest.