First, a little background. On Thursday, Sept 7th 2017, Equifax, a provider of consumer credit reports in the US, was hacked and the details of more than 143 million customers were stolen. The accessed data included names, Social Security numbers, dates of birth, addresses and driver's license numbers. It also included approximately 209,000 credit card numbers and approximately 182,000 dispute documents containing personal identifying information.
Equifax Announces Cybersecurity Incident Involving Consumer Information | Equifax - 09/07/2017
Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company's investigation, the unauthorized access occurred from mid-May through July 2017.
Although the hack only came to light a few days ago, Equifax actually discovered the security breach as early as July 29th.
Equifax discovered the unauthorized access on July 29 of this year and acted immediately to stop the intrusion. The company promptly engaged a leading, independent cybersecurity firm that has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted.
Insider Trading
On the same day Equifax released its statement detailing the hack, Bloomberg reported that on August 1st, just 2 days after the hack was discovered, 3 of the company's top executives had sold a total of nearly $1.8 million of their shares in the company.
Three Equifax Managers Sold Stock Before Cyber Hack Revealed | Bloomberg - 09/07/2017
Three Equifax Inc. senior executives sold shares worth almost $1.8 million in the days after the company discovered a security breach that may have compromised information on about 143 million U.S. consumers. The trio had not yet been informed of the incident, the company said late Thursday. Regulatory filings show that on:
August 1st
- John Gamble, Chief Financial Officer sold shares worth $946,374
- Joseph Loughran, President of U.S. information solutions sold shares worth $584,099
August 2nd
- Rodolfo Ploder, President of workforce solutions, sold shares worth $250,458
Bloomberg notes that none of the transactions were part of a 10b5-1 scheduled trading plan. The share price also dropped on the day Equifax made the breach public.
Fake Website
Within hours of the news breaking, security researchers were looking into who was behind the hack. They quickly found a Tor website, badtouchyonqysm3.onion (which has since been removed), set up by an unknown group calling themselves the PastHole Hacking Team, that was purportedly selling the data for 600 BTC.
Security researchers looking into the website found that it was linked to a static BTC address, 17vkHnkXwYaSRiLipEWNWvNqPvC51ZBswy, which currently holds only around $40. The group was also using a vanity email address, pasthole@national.shitposting.agency, hosted by the secure email provider cock.li, which has since been disabled.
Another researcher used OnionScan to identify that the site was hosted on danwin1210.
For a more detailed explanation of how the hosting details were discovered, you can check out wvualpha soldiers analysis here. Because it was a scam, the Tor website broke the terms and conditions laid out by the hosting provider, so it was quickly disabled by the admin.
This just goes to show how easy it would be to set up such a scam site shortly after a data breach of this kind. Knowing now that the breach happened between May and July, it seems obvious that this was a fake website. This isn't the way cyber criminals would usually sell stolen data, and if the hackers really were going to sell the data, they would have sold it months ago.
FORTIFIED