Slashdot Mirror
The Stolen Equifax Data Has Never Been Found, Experts Suspect a Spy Scheme (cnbc.com)
An anonymous reader quotes a report from CNBC: On September 7, 2017, the world heard an alarming announcement from credit ratings giant Equifax: In a brazen cyber-attack, somebody had stolen sensitive personal information from more than 140 million people, nearly half the population of the U.S. It was the consumer data security scandal of the decade. The information included social security numbers, driver's license numbers, information from credit disputes and other personal details. CEO Richard Smith stepped down under fire. Lawmakers changed credit freeze laws and instilled new regulatory oversight of credit ratings agencies. Then, something unusual happened. The data disappeared. Completely.
CNBC talked to eight experts, including data "hunters" who scour the dark web for stolen information, senior cybersecurity managers, top executives at financial institutions, senior intelligence officials who played a part in the investigation and consultants who helped support it. All of them agreed that a breach happened, and personal information from 143 million people was stolen. But none of them knows where the data is now. It's never appeared on any hundreds of underground websites selling stolen information. Security experts haven't seen the data used for in any of the ways they'd expect in a theft like this -- not for impersonating victims, not for accessing other websites, nothing. Most experts familiar with the case now believe that the thieves were working for a foreign government, and are using the information not for financial gain, but to try and identify and recruit spies.
CNBC talked to eight experts, including data "hunters" who scour the dark web for stolen information, senior cybersecurity managers, top executives at financial institutions, senior intelligence officials who played a part in the investigation and consultants who helped support it. All of them agreed that a breach happened, and personal information from 143 million people was stolen. But none of them knows where the data is now. It's never appeared on any hundreds of underground websites selling stolen information. Security experts haven't seen the data used for in any of the ways they'd expect in a theft like this -- not for impersonating victims, not for accessing other websites, nothing. Most experts familiar with the case now believe that the thieves were working for a foreign government, and are using the information not for financial gain, but to try and identify and recruit spies.
to disrupt our political system. A DB like that would be a goldmine for that purpose, and we know just about every hostile nation is meddling in our politics.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Maybe they saw how much media attention they got and deleted it out of fear?
Its under something.
Thatâ(TM)s what my mom used to say.
Seriously I once interviewed for a contract job for equifax. Their secrecy terms are crazy. I refused to sign and was consequently not hired. It would not surprise me if the people there are so cut off from each other (left hand right hand) that they did not even get breached and they have no way to figure out what happened.
Maybe they encrypted it all and the guy with the password died, and now they're all fucked because they can't hack into it.
Perhaps they're just waiting for the heat to die down and those free credit-monitoring programs to expire before using the data....
Show me on the 1st Amendment bobblehead where the moderator touched you...
Foreign agencies only have to wait for the next ritual "shutdown" and make a friendly offer to any government employees no longer paid - e.g. at your locale garage sale or at public soup kitchen.
China is making lists of who to round up when they come to liberate us from the evils of capitalism.
Russia has its puppet in the white house. They dont need to blackmail anyone into cooperation. Now Russia will take care of Chinese hacker because it needs to protect its asset it has pwned.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
They'll be able to recover your identity, in 7 years.
Just a point, Social Security numbers and birthdates are not things you can easily change.
It's time to realize the entire concept of credit ratings is deeply flawed and inherently insecure.
-- Tigger warning: This post may contain tiggers! --
Could it be spies? Sure. Could it be 100 other scenarios? Absolutely.
Our propaganda campaign against China and Russia is in full swing at the moment so obviously we'll allude to them no matter how tenuous the evidence.
Of existing US workers.
Of all US mil/gov workers/contractors.
Of all US NGO, think tank, tourist and embassy workers with work globally.
Anyone who ever held a US security clearance.
International travel and hotel use.
By sorting all of them any gov/mil created name placed into retroactive social media accounts, that fake resume can be more easy to detect.
Contact by another nations officials with US spies to set up long term methods of spying.
Who was really at a hotel in Macau years ago and what type of ID did they use with what created biography?
Who else from the USA that that same pattern of missing and created ID data now?
When creating a new ID did the US gov/mil/contractor consider all the database changes at a city, state and federal level?
Someone has created a vast US database spanning generations of US gov datasets and has more data than most US city and state gov.
Background checks are going to have to be much more creative and other nations gov/mil can do the same in real time.
In the past the US gov and mil could remove/add mil service, college, type of education, level of education to provide a quality cover story.
Now that created "name" has to match past database sets the USA cant alter in real time.
Domestic spying is now "Benign Information Gathering"
No, it makes a ton of sense if you're thinking like someone who has billions of dollars and government supercomputer access. With this data, all they need is some purchasing history to feed into the simulator with it and they can make a full psychological profile on you and everyone you've ever met.
Why not do both?
He sure is dumb enough but he might suspect something if you mention silver coins. Just tell him that you have seen scratched lottery tickets but that you don't remember exactly where and he will bite for sure!
The employees got paid.
All the contractors got given a big fuck you.
You guys watch entirely way to much bad science fiction.
What's the economic cost given the name, birthdate, social security numbers can be used for DECADES to disrupt the US economy?
How can Equifax still be in business?
How can Wells Fargo, identify theft opening fraudulent financial accounts on a mass scale, still be in business?
Is this the USA where you get a monetary fine paid by your errors and omissions insurer and stay in business?
The data losses are like the worst chemical spill times 500.
Not true.. IF you had a funded government contract, you got (or will) get paid for work done/hours worked.
If you got sent home because there was no work to do, too bad you are a contractor but it was your choice. That's the risk of contracting, you can be let go at a moment's notice. Sucks to be you, but I'm not going to cry crocodile tears for your losing 4 weeks worth of work and if you don't have enough resources stashed away for such contract interruptions, you are crazy or inept. IF a contractor lives paycheck to paycheck how on earth will they survive when their contract is not renewed? Not a good idea.
Actually, it's not a good idea to live paycheck to paycheck anyway, I don't care who you are. One should always have 3-6 months of living expenses (not income, minimum living expenses) on hand. Layoffs happen, contacts end, accidents happen and unemployment takes time to get. I can attest that it's not a matter of IF, but WHEN it will happen to you. Nearly all of us will lose a job one or more times in our careers. Be ready. Bankruptcy is a royal pain and ruins your live for a decade. Don't do it.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
to go with that, so they'd know where, based on financial data, people were in bad or good financial shape and therefore where they could foment anger, frustration and discontent leading to poor decision making.
People in bad shape do not make good choices. Pressure does not make diamonds, it makes garbage more compact. Take somebody who's financially desperate and push the right buttons and they'll do stupid things. Do it to a large number of people in a country where political decisions are made by margins of less than half a percent and you can wreck shit.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
The data was not "stolen" ... it was copied.
Duh.
No, it makes a ton of sense if you're thinking like someone who has billions of dollars and government supercomputer access. With this data, all they need is some purchasing history to feed into the simulator with it and they can make a full psychological profile on you and everyone you've ever met.
How does having someone's SSN help you access their purchasing history?
If you have someone's SSN and purchasing history, how does that help you psychologically profile them any better than just having their purchasing history (which they don't have)?
How is the SSN helpful?
How would an SSN help them identify "everyone you've ever met"?
How would "supercomputer access" be helpful?
No foreign nation could possibly fuck up your political system worse than the democrats did.
i saw it. well, i saw screenshots of the raw Equifax data files, which were hosted on an .onion site. the screencaps were posted the day before the breach occured, in a vague "ha, ha, guess what i have?" joking manner. since the breach hadn't gone public yet, i didn't know what to make of them.
who posted it? a certain obscure and infamous hacker twitter account which has since gone dormant. i won't tell you the account anme, because it wouldn't matter, because everything you read in the Fake News about high profile hacks is all lies and false flags and psyops. i have zero faith in the FBI giving a shit about busting real hacker baddies. FBI is too busy rolling in the mud of their own political corruption and their repeated attempts at Praetorian Guard Palace Coup plots.
the twitter account also posted screenies of the ransom demands by the hacker John Doe who breached Equifax. he wanted Bitcoins by a certain date or else he said he was dumping all of the Equifax data. since that date came and went and nothing happened, i can only presume John Doe is either now a resident of Gitmo and enjoys having his balls zapped while he gets his daily waterboarding and his fed the Hummus Lunch Plate Special through a tube up his ass via "rectal re-hydration", or John Doe was the NSA all along and they were the ones who breached Equifax to put on a big cyberwar show for reasons & ends i cannot begin to comprehend.
so what really happened? who the fuck knows. all i do know is everything being said about this in the Fake News is Not Even Wrong.
Someone is trying to test the idea of changing his birth date. Now that you can change gender and race at any time he is claiming he feels much younger than his age. This is the world that social justice warriors wanted so now they have to accept it.
Only the State obtains its revenue by coercion. - Murray Rothbard
They use that SSN for a lot of important paperwork throughout your life, from jobs to schools to property ownership to insurance. If you take all these fatuous questions and assume this wasn't the only data breach ever, it really shouldn't take a huge imagination to figure out the types of things they could do by combining it with similar troves of data extracted from various social networks and advertising networks.
"he will bite for sure!"
he has no teeth
i think you mean "he will gum for sure"
You will recall the OPM hack of everyone's security clearance data (including my above top secret SAP/SAR clearance.) This was an identity thief's wet dream: everything from SS# to address history to mother's maiden name to... Yet I don't know of it any identity theft linked to this hack, which would suggest a state actor. (And demonstrates galloping government security incompetence.)
It couldn't possibly be a rival credit monitoring organisation could it?
It's OK Bender, there's no such thing as 2.
Personal detail information including SSN seems like very good data to impersonate legitimate citizens. I am not security specialist, but with existing voting percentages (60% presidential, 40% midterm) seem to me like a very serious problem for the US, which should not be taken lightly.
Considering just the sheer volume of data - all or almost all citizens - seems impossible to control.
I'm baffled by this, do people seriously think the "bad guys" advertise what database(s) they used to get your information? Get real. You'll never know, even if the popular have I been pwned website were to somehow indext the data.
They will attack you by proxy. Equifax is but one of MANY databases of the same. Here's a hint, Insurance companies store everything you've ever done too including bizare things like the credit rating of you and anyone you've ever had or given policy coverage to. At least in Canada that data will never be removed (I've tried). Any broker can look at your entire history without any real authorization. There isn't a way to see who has accessed it either, I've had brokers email me my entire dossier and that of my wife without question. They didn't know what SSL was let alone have the ability to send anything securely.
Let that sink in the next time you grab your pitchforks. The issues with Equifax extend to ALL Cloud providers.
I didn't give Equifax permission to keep details about me - if a criminal convinces a bank to lend him money and it goes on my credit report, can I sue Equifax for libel? It would be a written lie about me. "Identity theft" is their named way to make their problem, my problem.
Really? So there's just one of them? -- one data? I guess I really WOULDN'T download a car, then.
Don't worry: it's not the ACTUAL people, it's only some data about them -- y'know, METAdata. No big.
Or is that metapeople? Nope. Datapeople? Maybe. Peopledata? Again, maybe.
Just like all NICs have a unique MAC address*, let's just wait until an evil Russian spy corrupting FaceBook** appears in two different places at once. It should be easy to detect, I'm sure the NSA's computers will all immediately crash since it's never had to process data that way before. (New code path, dont-cha-know?)
* I've heard a decade ago that Compaq? issued some NICs with burned-in duplicate MACs which made for a fine mess. And then supposedly, this.
** an evil Russian spy corrupting FaceBook. Y'know, I'm not sure who'd be corrupting whom.
If the universe is someone's simulation -- does that mean the stars are just stuck pixels?
we're talking the ability to target neighborhoods. Individuals even. Crazy shit becomes possible when you've got a large state with nigh unlimited resources and a monstrous amount of data on their enemy.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
You are literally mentally retarded.
You got to be totally delusional, disrupt the US political system, it needs to be fucking disrupted it is entirely corrupt. It is so crooked, any disruption immediately makes it more honest than it currently is. Right now, the rest of the world is content to allow the US to SELF DESTRUCT as long as it leaves the rest of the world alone in the process and there is stops. Maybe just maybe a few countries are using their espionage services to disrupt the corruption by exposing the crimes in the US that the US government routinely ignores, especially high level crimes.
When you disrupt corruption, you do not make it worse, you just reduce it's extent, so hopefully everyone across the globe will work hard at disrupting entirely corrupt US politics, so that it is less corrupt (which would as it fucking turns out, means disrupting the extremely negative, corrupt and very criminal influence of the UK government, the Israeli government and the Saudi government and their disruption of any attempts to make US elections actually democratic and start prosecuting high level corruption).
Chaos - everything, everywhere, everywhen
creimertards delete thread!
They wouldn't have needed to break into a financial company -- the parties themselves already have that data.
Actually, it's not a good idea to live paycheck to paycheck anyway, I don't care who you are. One should always have 3-6 months of living expenses (not income, minimum living expenses) on hand.
No, you should have 6 months INCOME, not "minimum living expenses" on hand.
Ideally you should have 12 months income saved.
Why? It is obvious. Once people are fired they will NOT switch to "minimum living expenses" mode immediately.
People are stupid. When average people lose their jobs they will remain at their current cost level because "they have so much saved up" so they will almost immediately use it all up and only switch to "minimum living expenses" once the money runs out. I.e. after a few weeks.
I.e. they switch to "minimum living expenses" not when they lose their income but once all their money saved up runs out.
I however have been happily living near minimum for the last 30 years, working in tech.
I am so used to lean living that cutting down a bit more won't even bother me.
It is nice however knowing IF I want to purchase a house, cash, I can. And have done.
At this point, living very frugaly for 30+ years, at this point I measure the time I can live without a paycheck and without cutting down on my standard of living in the "several decades" range.
>be me
>it fucking rocks to be me.
>sure I very rarely spend much money but when I do, you will fucking envy me.
Say it was China that hacked Equifax. We're in trade negotiations with them right now. Maybe they try to demand favorable terms in exchange for not releasing all that data.
How do you explain Trump then? He came in and disrupted the usual political landscape, a non-politician with no experience in office and few connections within the Republican party. Displaced a bunch of more mainstream, established candidates including Clinton and Cruz...
And yet he is also one of the most corrupt Presidents ever, loves giving jobs to his family and friends, uses the position to enrich himself, and at the very least seems to have surrounded himself with convicted/confessed criminals.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Thank God we can do a free dark web scan at equifax dot com. Otherwise this could have been a disaster.
Knowing that an intelligence agency probably has the data, he said he's also reading the news more often. He looks for stories about bribery, graft, spies being caught or politicians suddenly spouting rhetoric in defense of hostile nations where they hadn't before.
Who could that be?
Bravo... I applaud your life choices and financial self sufficiency. Everybody should be like you.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Checkmate.
Easily. The landscape was already disrupted enough for Trump just to pick up the Presidency which was laying on the ground .