The Equifax Breach Might Have Been a Foreign Intelligence Operation

The Equifax Breach Might Have Been a Foreign Intelligence Operation

When a criminal steals something valuable, like the personal data of 143 million Americans, it’s usually because they want to make money from it. Yet, the data from 2017 Equifax breach has never turned up for sale, and people have been looking! Security professionals are starting to suspect this was not the work of a profit-motivated hacker but rather an incredibly successful intelligence operation aimed at spying on US citizens.

Equifax announced the breach on September 7, 2017, but the breach happened between May and July of that year. Equifax executives learned of the data theft in July, prompting some of them to sell stock before announcing the incident weeks later. Data stolen in the hack included, but was not limited to, Social Security numbers, driver’s license numbers, addresses, and more. It was basically everything you’d need to steal someone’s identity.

US lawmakers passed a bill to make freezing your credit free, and many financial institutions recommended their customers take advantage of the service. Consumers braced themselves for a wave of scams, but they never came. Here we are 17 months later, and the stolen data hasn’t appeared online.

CNBC consulted eight security experts who scour the dark web for stolen data. The “dark web” in question is made up of encrypted sites hosted inside Tor, which makes it difficult or impossible for law enforcement to track down individual users or site operators. That’s why stolen data usually appears for sale on these shady forums, but none of the usual suspects are hocking the Equifax info.

The Equifax Breach Might Have Been a Foreign Intelligence Operation

Early in the investigation, authorities considered two possibilities: The hack was the work of criminals who wanted to sell the data, or that a nation-state was behind the data theft. Sources now say the prevailing theory is that a low-level hacker discovered the exploit but wasn’t skilled enough to swipe multiple terabytes of data without getting caught. So, they sold knowledge of the exploit on the dark web, and the buyer was most likely Russia or China.

Using this data, a foreign power could attempt to identify people with political influence or those who work in US intelligence. Credit reporting data could also include embarrassing information to help coerce someone into becoming an intelligence asset. So, the data might never pop up in the traditional way, but it could still be highly damaging to US interests.

Continue reading

FTC Files Antitrust Case to Break Up Facebook
FTC Files Antitrust Case to Break Up Facebook

New York Attorney General Letitia James has announced a major antitrust case against Facebook, which will be joined by 47 other state and regional AGs. And that's not all: the Federal Trade Commission (FTC) is filing a separate case against Facebook later today.

Cyberpunk 2077 Save Files Will Break Forever If You Collect Too Many Items
Cyberpunk 2077 Save Files Will Break Forever If You Collect Too Many Items

Gamers have griped loudly about the bugs and performance issues, and there's a new issue to note today: if you collect too many in-game items, your save file will break forever.

Intel Records Record-Breaking 2020, Will Build ‘Most’ 7nm in Its Own Fabs
Intel Records Record-Breaking 2020, Will Build ‘Most’ 7nm in Its Own Fabs

Intel broke revenue records for full year 2020 and saw client computing sales surge for the year. It didn't give exact specifics on 7nm, but it did update us on the broad shape of things.

Google Will Use Pixel’s Camera to Measure Heart Rate and Breathing
Google Will Use Pixel’s Camera to Measure Heart Rate and Breathing

Like many of Google's machine learning projects, this one is coming first to Pixel phones, and more phones will probably get it down the line.