Oct. 1st, 2017

thewayne: (Default)
I'm not going to bother linking to an article about the CEO "retiring" with a $90,000,000 plan, it's just not worth it.

Bloomberg has a good breakdown of the structure of the hack. Basically, after the Struts exploit became known and some (essentially) script kiddies gained a toehold into Equifax's network, they handed their penetration off to a skilled team of pros. The pros then did quite a serious number, including installing custom backdoors that ignored the Struts problem and bypassed the firewalls; they then started breaking apart databases. They had so much information that they had to prioritize which databases were more valuable, then they had to break them down into smaller chunks for exfiltration to avoid tripping monitoring software that watches for just this sort of thing.

Definite experts.

Which points to possibly nation-state actors. A lot of people want to point to the Chinese because one of the tools is called China Chopper because it has a Chinese-language interface, but it's used by hackers around the world, so that's hardly conclusive. But the thing that really points to nation actors: none of the information on the 143 million people that was stolen, including credit cards, has surfaced on any underground forums that sell stolen information.

Personally, my money for the country most likely to be responsible is Russia or North Korea. We know that Russia has the talent for something like this, and after the DPRK tore apart Sony for The Interview, and the fact that their cyber people were trained by the Chinese, they also have the skill.

Equifax suspected someone was in their system. Their contractor, Mandiant, sent a team over. For whatever reason, Equifax thinks that Mandiant didn't send over their best people. Squabbling ensued for an extended period of time, during which apparently nothing was done to stop the hackers or their theft. This amounts to criminal stupidity as far as I'm concerned. Disagree all you want, but GET THE EFFING JOB DONE and resolve the fight later! JOB ONE IS TO STOP THE BAD GUYS!

The original Bloomberg article:
https://www.bloomberg.com/news/features/2017-09-29/the-equifax-hack-has-all-the-hallmarks-of-state-sponsored-pros

The Slashdot article that led me to the Bloomberg article, complete with some interesting comments:
https://news.slashdot.org/story/17/09/30/207200/squabble-with-contractor-delayed-equifaxs-response-to-data-breach
