Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security United States Businesses Government Privacy Technology

The Stolen Equifax Data Has Never Been Found, Experts Suspect a Spy Scheme (cnbc.com) 86

An anonymous reader quotes a report from CNBC: On September 7, 2017, the world heard an alarming announcement from credit ratings giant Equifax: In a brazen cyber-attack, somebody had stolen sensitive personal information from more than 140 million people, nearly half the population of the U.S. It was the consumer data security scandal of the decade. The information included social security numbers, driver's license numbers, information from credit disputes and other personal details. CEO Richard Smith stepped down under fire. Lawmakers changed credit freeze laws and instilled new regulatory oversight of credit ratings agencies. Then, something unusual happened. The data disappeared. Completely.

CNBC talked to eight experts, including data "hunters" who scour the dark web for stolen information, senior cybersecurity managers, top executives at financial institutions, senior intelligence officials who played a part in the investigation and consultants who helped support it. All of them agreed that a breach happened, and personal information from 143 million people was stolen. But none of them knows where the data is now. It's never appeared on any hundreds of underground websites selling stolen information. Security experts haven't seen the data used for in any of the ways they'd expect in a theft like this -- not for impersonating victims, not for accessing other websites, nothing. Most experts familiar with the case now believe that the thieves were working for a foreign government, and are using the information not for financial gain, but to try and identify and recruit spies.

This discussion has been archived. No new comments can be posted.

The Stolen Equifax Data Has Never Been Found, Experts Suspect a Spy Scheme

Comments Filter:
  • by rsilvergun ( 571051 ) on Wednesday February 13, 2019 @05:58PM (#58118296)
    to disrupt our political system. A DB like that would be a goldmine for that purpose, and we know just about every hostile nation is meddling in our politics.
    • What's the economic cost given the name, birthdate, social security numbers can be used for DECADES to disrupt the US economy?

      How can Equifax still be in business?

      How can Wells Fargo, identify theft opening fraudulent financial accounts on a mass scale, still be in business?

      Is this the USA where you get a monetary fine paid by your errors and omissions insurer and stay in business?

      The data losses are like the worst chemical spill times 500.

      • How can Equifax still be in business?

        Because the people responsible have already resigned or been fired. Destroying the company would serve no logical purpose, would harm thousands of innocent people, and reduce competition in the industry.

        • by AmiMoJo ( 196126 )

          Make Equifax a non-profit for the next decade or two, with any money they make used to deal with identity theft and regulating the other credit reference agencies.

          Japan has jail for companies, basically they are not allowed to do any business for a number of days but have to pay staff. It's means tested to avoid making people unemployed and can't be used as an excuse for layoffs etc. Equifax could do a 4 day week for a while.

    • by rtb61 ( 674572 ) on Thursday February 14, 2019 @01:21AM (#58119626) Homepage

      You got to be totally delusional, disrupt the US political system, it needs to be fucking disrupted it is entirely corrupt. It is so crooked, any disruption immediately makes it more honest than it currently is. Right now, the rest of the world is content to allow the US to SELF DESTRUCT as long as it leaves the rest of the world alone in the process and there is stops. Maybe just maybe a few countries are using their espionage services to disrupt the corruption by exposing the crimes in the US that the US government routinely ignores, especially high level crimes.

      When you disrupt corruption, you do not make it worse, you just reduce it's extent, so hopefully everyone across the globe will work hard at disrupting entirely corrupt US politics, so that it is less corrupt (which would as it fucking turns out, means disrupting the extremely negative, corrupt and very criminal influence of the UK government, the Israeli government and the Saudi government and their disruption of any attempts to make US elections actually democratic and start prosecuting high level corruption).

      • by AmiMoJo ( 196126 )

        How do you explain Trump then? He came in and disrupted the usual political landscape, a non-politician with no experience in office and few connections within the Republican party. Displaced a bunch of more mainstream, established candidates including Clinton and Cruz...

        And yet he is also one of the most corrupt Presidents ever, loves giving jobs to his family and friends, uses the position to enrich himself, and at the very least seems to have surrounded himself with convicted/confessed criminals.

  • by Anonymous Coward

    Maybe they saw how much media attention they got and deleted it out of fear?

  • Just waiting (Score:5, Interesting)

    by chiefcrash ( 1315009 ) on Wednesday February 13, 2019 @06:08PM (#58118356)
    Perhaps they're just waiting for the heat to die down and those free credit-monitoring programs to expire before using the data....
  • Foreign agencies only have to wait for the next ritual "shutdown" and make a friendly offer to any government employees no longer paid - e.g. at your locale garage sale or at public soup kitchen.
  • Russia has its puppet in the white house. They dont need to blackmail anyone into cooperation. Now Russia will take care of Chinese hacker because it needs to protect its asset it has pwned.
    • The puppet is temporary. The value of the data will extend far past 4 years. Granted, its value likely decreases as time goes on, but it doesn't have a hard stop.

  • They'll be able to recover your identity, in 7 years.
  • Correct (Score:5, Insightful)

    by WillAffleckUW ( 858324 ) on Wednesday February 13, 2019 @06:24PM (#58118432) Homepage Journal

    Just a point, Social Security numbers and birthdates are not things you can easily change.

    It's time to realize the entire concept of credit ratings is deeply flawed and inherently insecure.

    • Wish I had mod points for you... this is at the CORE of the issue. It's a rickety and decrepit system that needs to be ripped to shreds and something better and smarter put into place.

    • by Luthair ( 847766 )
      Really there is no reason they shouldn't be easily changeable or perhaps unique per relationship (e.g. your bank gets a different # than the your employer). As implemented they shouldn't even be allowed to be collected or stored by anyone other than your employer and the government.
      • Yes. For example, most schools used to use SSN or SIN for IDs and moved away to other IDs over time. The only reason you should have this ID is for taxes, and it should never be stored in your primary customer database, for any reason.

        Birthdates can also be problematic. To someone who's 20, they think it's not identifiiable, but someone who's in their 90s knows it's very identifiable.

      • Easily changeable seems like a recipe for disaster. If fraud is an issue now, imagine if someone could change your SSN without you knowing.

        Unique per relationship seems much, much more useful. Still an issue if someone gets one for a relationship you don't have, but not as problematic since you only have one subset of your credit score, taxes, etc., that you have to untangle, not all of them.

    • by ceoyoyo ( 59147 )

      You're right! Should rebrand it. Maybe call it something like "social credit." Maybe work with China on implementing it.

    • Just wait (Score:4, Interesting)

      by ArchieBunker ( 132337 ) on Wednesday February 13, 2019 @09:25PM (#58119146)

      Someone is trying to test the idea of changing his birth date. Now that you can change gender and race at any time he is claiming he feels much younger than his age. This is the world that social justice warriors wanted so now they have to accept it.

      • by AmiMoJo ( 196126 )

        It was a guy in the Netherlands and he lost his case, although I think an appeal was possible.

        It's an interesting question. Being transgender is a well established and widely treated (in the developed world) medical condition. That guy just wanted to change his D.O.B. because he thought he was hot but not getting dates on Tinder because people were put off by his age...

        Seems like it would make more sense to argue against having to give your age at all, or at least give your actual age as opposed to the one

  • Of existing US workers.
    Of all US mil/gov workers/contractors.
    Of all US NGO, think tank, tourist and embassy workers with work globally.
    Anyone who ever held a US security clearance.
    International travel and hotel use.

    By sorting all of them any gov/mil created name placed into retroactive social media accounts, that fake resume can be more easy to detect.
    Contact by another nations officials with US spies to set up long term methods of spying.

    Who was really at a hotel in Macau years ago and what type o
  • It couldn't possibly be a rival credit monitoring organisation could it?

  • Personal detail information including SSN seems like very good data to impersonate legitimate citizens. I am not security specialist, but with existing voting percentages (60% presidential, 40% midterm) seem to me like a very serious problem for the US, which should not be taken lightly.
    Considering just the sheer volume of data - all or almost all citizens - seems impossible to control.
  • Really? So there's just one of them? -- one data? I guess I really WOULDN'T download a car, then.

    Don't worry: it's not the ACTUAL people, it's only some data about them -- y'know, METAdata. No big.

    Or is that metapeople? Nope. Datapeople? Maybe. Peopledata? Again, maybe.

    Just like all NICs have a unique MAC address*, let's just wait until an evil Russian spy corrupting FaceBook** appears in two different places at once. It should be easy to detect, I'm sure the NSA's computers will all immediat
  • Say it was China that hacked Equifax. We're in trade negotiations with them right now. Maybe they try to demand favorable terms in exchange for not releasing all that data.
  • Thank God we can do a free dark web scan at equifax dot com. Otherwise this could have been a disaster.

Technology is dominated by those who manage what they do not understand.

Working...