October 16, 2017

Mothers are Worried – Equifax Breach


I woke up two Sundays ago in a hotel room after attending the Blake Shelton concert at the United States Air Force Stadium. Still sleepy, I picked up my phone and started reading text messages from my mom. After skimming the messages and coming to attention, I realized my mom was concerned about several cybersecurity-related issues. One of these issues was the Equifax data breach. In the messages, all I could feel was a distressed mother concerned not only for her identity and personal information, but her children’s as well.

After reading some important information on the breach and how it occurred, it was astonishing to find out Equifax knew about the security flaw 2 months prior to the public announcement on September 7, 2017. Crackers use an attack strategy called persistence, where they probe a network for other potential flaws to exploit; this is common in a data breach. After the public announcement, I found out that Equifax had been giving out a fake URL to its consumers over two weeks. Equifax initially created the official and correct URL as equifaxsecurity2017.com, but a developer by the name of Nick Sweeting created a cloned website of his own to prove a point about compromising websites. Equifax had been deceived unintentionally, and the point was made.

The most interesting part of a data breach is finding out: Who did it? Where’s my information? What was the purpose of the breach? A person can make the logical assumption that it was for financial gain, since the dataset could sell for a mere $2.6 million USD. It turns out, on the 17th and 19th of September, there appeared to be criminals ransoming the data for revocation of the DACA (Deferred Action for Childhood Arrivals) and Immigration Policy. This flips the script about the motivation for the attack on Equifax. Usually these types of criminals, or what professionals call “Hacktivists”, have more of a political agenda, but let’s not get into that. After sampling the data, there was phony and tangible consumer information in the post. Over time, if everything proves to be legitimate, we could see several million records of Personally Identifiable Information arise on the darknet.