The Equifax Breach Might Have Been a Foreign Intelligence Operation

The Equifax Breach Might Have Been a Foreign Intelligence Operation

When a criminal steals something valuable, like the personal data of 143 million Americans, it’s usually because they want to make money from it. Yet, the data from 2017 Equifax breach has never turned up for sale, and people have been looking! Security professionals are starting to suspect this was not the work of a profit-motivated hacker but rather an incredibly successful intelligence operation aimed at spying on US citizens.

Equifax announced the breach on September 7, 2017, but the breach happened between May and July of that year. Equifax executives learned of the data theft in July, prompting some of them to sell stock before announcing the incident weeks later. Data stolen in the hack included, but was not limited to, Social Security numbers, driver’s license numbers, addresses, and more. It was basically everything you’d need to steal someone’s identity.

US lawmakers passed a bill to make freezing your credit free, and many financial institutions recommended their customers take advantage of the service. Consumers braced themselves for a wave of scams, but they never came. Here we are 17 months later, and the stolen data hasn’t appeared online.

CNBC consulted eight security experts who scour the dark web for stolen data. The “dark web” in question is made up of encrypted sites hosted inside Tor, which makes it difficult or impossible for law enforcement to track down individual users or site operators. That’s why stolen data usually appears for sale on these shady forums, but none of the usual suspects are hocking the Equifax info.

The Equifax Breach Might Have Been a Foreign Intelligence Operation

Early in the investigation, authorities considered two possibilities: The hack was the work of criminals who wanted to sell the data, or that a nation-state was behind the data theft. Sources now say the prevailing theory is that a low-level hacker discovered the exploit but wasn’t skilled enough to swipe multiple terabytes of data without getting caught. So, they sold knowledge of the exploit on the dark web, and the buyer was most likely Russia or China.

Using this data, a foreign power could attempt to identify people with political influence or those who work in US intelligence. Credit reporting data could also include embarrassing information to help coerce someone into becoming an intelligence asset. So, the data might never pop up in the traditional way, but it could still be highly damaging to US interests.

Continue reading

Chromebooks Gain Market Share as Education Goes Online
Chromebooks Gain Market Share as Education Goes Online

Chromebook sales have exploded in the pandemic, with sales up 90 percent and future growth expected. This poses some challenges to companies like Microsoft.

SpaceX Launches ‘Better Than Nothing’ Starlink Beta
SpaceX Launches ‘Better Than Nothing’ Starlink Beta

Those lucky few who have gotten invitations to try the service will have to pay a hefty up-front cost, and the speeds aren't amazing. Still, it's a new generation of satellite internet.

Samsung, Stanford Built a 10,000 PPI Display That Could Revolutionize VR, AR
Samsung, Stanford Built a 10,000 PPI Display That Could Revolutionize VR, AR

Ask anyone who has spent more than a few minutes inside a VR headset, and they'll mention the screen door effect. This could eliminate it for good.

NASA Created a Collection of Spooky Space Sounds for Halloween
NASA Created a Collection of Spooky Space Sounds for Halloween

NASA's latest data release turns signals from beyond Earth into spooky sounds that are sure to send a chill up your spine.