
Experts Say Equifax Data Breach Was A Spy Job

Remember all that stolen Equifax data?

Remember how all those names, addresses, dates of birth, Social Security and driver’s license numbers and other information were stolen in September of 2017 – the information of some 143 million people – in what still stands as one of the biggest data breaches of all time?

Well, investigators reportedly cannot find it. What that means – and what is setting off alarm bells – is that the absence of that stolen data on digital black markets is a sign that criminals are not trying to fence those stolen goods.

And that is leading to suspicions that spies, not fraudsters, were ultimately behind the Equifax breach. If so, that would serve as a harsh reminder that the dangers out there in the digital wilds come not only from criminals bent on creating fake accounts and other vehicles, but also intelligence operations that keep developing their hacking and cyberwar expertise.

Breach Confusion

The news comes down to this: Eight experts on hacking, the dark web, cybersecurity and associated areas who were contacted by CNBC reportedly don’t know “where the data is now. It’s never appeared on any [of the] hundreds of underground websites selling stolen information. Security experts haven’t seen the data used in any of the ways they’d expect in a theft like this — not for impersonating victims, not for accessing other websites, nothing.”

That lack of clarity is, according to CNBC, crafting a “consensus” that the Equifax data “thieves were working for a foreign government and are using the information not for financial gain, but to try to identify and recruit spies.”

Spies continue to be recruited via a variety of methods, including those that involve ideology, blackmail and extortion, and simple financial gain. And thieves often have to delay selling their ill-gotten goods until attention on a particular theft dies down — that is a common situation when it comes to thefts of famous artwork, for instance. Even though some experts, quoted by CNBC or speaking elsewhere, had said such a principle might apply to the Equifax breach, its size and scope continue to attract a huge spotlight, including in the U.S. Congress. Seventeen months, according to those experts, is a long time to wait to sell such valuable data.

According to the experts quoted by CNBC, the Equifax heist could have happened like this: “The breach probably started with a low-level criminal who exploited a vulnerability in Equifax’s defenses but was not experienced or capable enough to do more damage by moving further throughout the company. This criminal then sought help via the criminal underground, and shared or sold information about the vulnerability. The buyer was probably a proxy for the Russian or Chinese government.”

Marriott Similarity?

That is certainly imaginable.

Another recent major data breach involved Marriott and the theft of data on about 500 million guests, information that included names, passport numbers, email addresses and Starwood account information. That breach is also among the biggest in history. The latest information puts the blame for the theft on China, as well as an intelligence-gathering campaign that hacked health insurance companies and security clearance files of millions of people living in the U.S. That revelation came as the U.S. government was gearing up to launch actions against China’s trade, which include indicting Chinese hackers who work for the government.

Russia, too, has been accused of multiple data breaches, and the country keeps developing a form of “asymmetrical” warfare that depends heavily on hacking and other online activities. North Korea is also regularly charged with conducting its own major hacking activity — including activity related to cryptocurrency.

Even if the Equifax data ended up in the hands of state-backed intelligence operators instead of the dark web, that doesn’t relieve any pressure when it comes to online fraud, of course. In late 2018, for example, Juniper Research predicted there will be a 175 percent boost in cybercrime by 2023. That’s on top of the 12 billion records expected to be compromised this year alone, and a cumulative tally of 146 billion records accessed by 2023. That comes amid a relatively tepid projection for cybersecurity spend, slated to grow 9 percent annually. The U.S. will remain a disproportionately large target by 2023, tied to half of the breaches.

Fraudsters and intelligence operators will continue to keep payments and commerce operators on their toes as they search for the latest technology to keep hackers at bay and reduce the scope of any future breaches.

