molloycommunicatio

Planned or Accidental Cyber Theft?


Courtesy of Bakers Federal Credit Union https://bakersfcu.org/equifax-inc-data-breach/


Where and when do people get attacked or receive threats? A cyber-security threat, in simple terms, is a malicious attack by organizations or individuals attempting to gain access to a network or steal confidential information. Cyber-security professionals therefore defend systems against cyber-attacks. In some instances an organization is aware that a cyber-attack is occurring, while other attacks happen without anyone noticing. Hackers may then demand money to restore the functionality of the systems.


An example of a cyber-security threat is the Equifax breach in 2017. It compromised the personal data of about one hundred and forty-three million customers, such as addresses, birth dates, and Social Security numbers. Equifax was an agency that assessed the financial health of Americans.


How did the breach happen? Who was behind the breach?

  • Investigation reports confirmed that there were several security lapses in the systems, which allowed the attackers to enter the systems and take important data files. According to two different reports, the attack may have unfolded in different ways. The hackers used the consumer web portal to break into the systems. The portal was vulnerable because of failures in Equifax's internal processes, which could otherwise have patched the weakness.

  • Second, there was inadequate segmentation in the systems, which made it easy for the attackers to move from the web portal to other servers. Hence, they quickly found passwords and usernames that allowed them to access the systems further.

  • Third, they pulled data for several months without Equifax detecting it. The company had failed to encrypt a new certificate on one of its internal security tools. Lastly, the company did not make the situation public until it was discovered that the breach had already happened. Therefore, members of the company, especially the top executives, were accused of corruption and insider trading of people's information and data.



How did it all start?

It started in March 2017, when a vulnerability was discovered in the development framework used to create the Equifax Java applications. The framework, Apache Struts, was also used to build other websites for the company. The attackers would send an HTTP request with code placed in the Content-Type header, and they could trick Struts into executing that code. Hence, they could easily get into the systems that Struts was running on. One week after the start of March, the vulnerabilities in the Struts software were recognized, and two days later, administrators at Equifax were told to patch the affected systems. However, the employee instructed to perform the patching did not do so. Additionally, the vulnerabilities were not identified when the systems were scanned because the systems seemed not to work. The vulnerabilities in the systems remained unpatched. The company had been warned about multiple unpatched systems, and the question remained why the patching process had failed during that time.

The analysis also showed that the first breach was on March 10 that year, after the portal was breached. It also showed that the attackers did not move to their next steps immediately. Between May and July, the attackers gained access to many company databases (Fruhlinger, 2020). They encrypted the data, making it difficult for the company's admins to notice. They were able to take all the data because of the poor governance of data in the systems. Because of the expired certificates that were not encrypted, the attackers could get away with important data. After several months, the company renewed the certificates when it noticed the breaches that had occurred.
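One way a defender can look for the Content-Type abuse described above is to validate every logged header value against a strict media-type allowlist and flag whatever fails. This is an added example, not code from the original post or from Equifax; the log layout, paths, addresses and the placeholder expression value are constructed for illustration.

```python
import re

# Strict allowlist for a Content-Type value: type/subtype plus optional
# ;name=value parameters. Braces, parentheses and a leading '%' or '$'
# are not allowed, so expression-style values fail validation.
_NAME = r"[A-Za-z0-9][\w!#$&^.+-]{0,126}"
_VALUE = r'(?:[\w!#$&^.+-]+|"[\w !#$&^.+=:/-]*")'
_PARAM = r"\s*;\s*[\w!#$&^.+-]+=" + _VALUE
MEDIA_TYPE = re.compile(
    _NAME + "/" + _NAME + "(?:" + _PARAM + r")*\s*", re.ASCII
)

# Constructed sample log, tab-separated: time, source, method, path,
# Content-Type ("-" when the request carried no such header).
SAMPLE_LOG = (
    "2024-01-01T09:14:02Z\t198.51.100.7\tPOST\t/portal/upload.action\t"
    "multipart/form-data; boundary=----abc123\n"
    "2024-01-01T09:14:05Z\t198.51.100.7\tPOST\t/portal/login.action\t"
    "application/x-www-form-urlencoded\n"
    "2024-01-01T09:15:31Z\t203.0.113.44\tGET\t/portal/index.action\t"
    "%{constructed-expression}.multipart/form-data\n"
    "2024-01-01T09:16:40Z\t203.0.113.44\tPOST\t/portal/upload.action\t"
    'text/plain; charset="utf-8"\n'
    "2024-01-01T09:17:12Z\t198.51.100.7\tGET\t/portal/index.action\t-\n"
)


def is_valid_content_type(value):
    """Return True only if the whole header value is a plain media type."""
    return MEDIA_TYPE.fullmatch(value.strip()) is not None


def find_anomalies(log_text):
    """Return one record per request whose Content-Type fails validation."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 5:
            continue  # skip malformed lines rather than guessing
        time, src, _method, path, ctype = fields
        if ctype != "-" and not is_valid_content_type(ctype):
            hits.append({"time": time, "src": src, "path": path,
                         "content_type": ctype})
    return hits


if __name__ == "__main__":
    for hit in find_anomalies(SAMPLE_LOG):
        print(hit)
```

A hit is a lead for triage, and the same check can also run as a request filter in front of the application; it complements patching rather than replacing it.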


About 143 million people were impacted by the breach because the attackers had compromised their data. The number was about 40% of American citizens. The compromised data included dates of birth, names, addresses, and driver's license numbers. Additionally, a portion of the data included the credit card numbers of people who had paid the company to see their credit reports. Interestingly, the personal data of those who paid the company to look at their credit score was stolen, which could result in fraud that damages their credit score. After the breach was publicized, experts searched the dark web for any information that could be connected with the breach. However, no information appeared. Therefore, a theory emerged that the company was hacked by hackers sponsored by the Chinese state to obtain information and spy. It was termed as not being theft. The breach occurred within 76 days, during which the attackers were active in the company's networks (Fruhlinger, 2020). The company spent around 1.4 billion dollars on upgrading its systems after discovering the attack.


Come to think of it, could it have been a plan by the American government to obtain its citizens' information and direct the blame onto the Chinese?


"I think they made up everything because even the investigation reports did not provide the necessary information. Again, why did the Apache Struts not provide the malicious systems that were directed into their systems?"


After publicizing the breach, the company faced many challenges because it set up a separate dedicated domain to host information for the affected customers. However, asking customers to trust the new domain was bound to fail because it is only used when blocking scams. Again, those who used the domain were directed to another domain which was not safe. The company remained untrusted because different people judged the domain site insecure. The company should have used firewalls and endpoint detection software in its systems.


"I think it is very sad if our government did that to its own people. The government should be helping us, why would they be after our personal info if they have it anyways?"


"I think it was also suspicious because the information is not adding up. I need the true facts to believe it wasn't our own government."


