Tinker Tailor Hacker Spy | A Contrarian Analysis Of The Equifax Breach

Tinker Tailor Hacker Spy | A Contrarian Analysis Of The Equifax Breach Some men like to watch the world burn, I would be lying if I said that I wasn't one of them and if we are honest you are at least a little bit like me. *Disclaimer : This is an opinion piece. Let us go out of bounds now and hope we don’t get lost in the bush. Equifax was a slap in the face to not just our national intelligence and cybersecurity apparatus, but our civil society and our democracy. The current narrative and coverage of the event undermines the seriousness of the Equifax breach and its perpetrators, I think its better we try to properly understand the real risks we are dealing with that stem from this breach. Tip Of The Iceberg Before we can begin to properly understand the repercussions of this breach, we need to understand the motivations of the people behind it. Equifax Press Release The source of this breach is that criminals , which is total horseshit when you think about it. publicly stated exploited a website application vulnerability It requires you to believe that the Equifax security team was asleep at the wheel, was failing to patch against web application vulnerabilities and took months to realize that an infiltration and exfiltration had taken place. Ir requires you to believe that the breach was limited to the social security numbers, drivers license numbers, addresses and birth dates of 143 million of you, as well as the credit card details of around 290k of them. I believe that this is just the tip of the iceberg we can see. Flaws In The Official Narrative We can , we can disregard the purported size of the data breach and the stated source of the breach, if anything they are just a smokescreen, mocking laughs left behind to taunt us. disregard those darknet operators extorting Equifax The darknet psyops campaign currently taunting security researchers and investigators is a smokescreen and the Equifax data has not yet appeared on the darknet for sale . The Psyops Campaign — beyond this one website Lets conduct a thought experiment and follow the public narrative, assuming the breach point a . The Breach — was vulnerability in Apache Struts This requires us to believe that either a known Apache Struts vulnerability ( an expression language vulnerability disclosed in March) or a then unknown zero day vulnerability ( an unsafe serialized object vulnerability disclosed in September) was responsible for the breach. CVE-2017–5638 CVE-2017–9085 It also requires us to arrive at this conclusion on our own, because neither the official statement, nor the subsequent analysis of the breach actually confirms this, instead we are being nudged towards this narrative by various actors. An nor the reveal anything, the phrase ‘not known’ is heavily leaned upon and there is no confirmation anywhere that these vulnerabilities were responsible. Subsequent Analysis — investment analysis of the breach official statement Most focused on this are in accord with this narrative and official sources are not challenging it, something I find quite incredible considering the sketchiness of this narratives foundation. cybersecurity commentators The Narrative Is A Smokescreen Being a of sorts, I am forced to challenge the public narrative and conduct a thought experiment which supports a different perspective. critical engineer In my thought experiment the surrounding the breach is untrue, the publicly stated belief that it is criminal activity is false and the fallout from the breach is much more serious than anyone is letting on. public narrative What is not being reveled is that these data breaches are much more extensive and interconnected than we are being led to believe and they are being initiated by state sponsored actors from a country I shall not name. The Equifax breach is connected with the breach at and its stolen data helps validate the OPM data, when you pool those two stolen data sets together with the biodata from the , you have a highly valuable source of intelligence on the US/UK intel/gov/def community. OPM.gov Anthem breach What do these three breaches have in common? They were all conducted by the same actors and the data has never been seen for sale on the darknet markets, despite its very obvious value, its being saved for something else. Continuing With The Thought Experiment If our thought experiment rests on solid ground then we can extrapolate the following consequences and risks from the breach, bearing in mind that it would be a mistake to focus on the moment and to think of the immediate consequences when the long term effects have yet to be felt. A financial crime spree in the short term really is the least of our worries, these breaches dramatically boost the intelligence capabilities and operations of our adversaries in lots of very important and fundamental ways. The data sets allow the culprits to develop full out-of-band profiling of known US intelligence personnel and make credible assumptions about suspected operatives from their backstory. The biodata set in particular is highly useful for validating existing classified holdings, in support of counter-intelligence operations. Enriched HUMINT Capabilities — These data sets are rich sources of second tier intelligence, highly valuable to those with a to and . Enriched Second Tier Intelligence — target centric approach target analysis threat analysis — These data sets can be pooled with OSINT resources to create incredibly detailed pictures on a huge chunk of the American population in general, highly useful in target analysis. Enriched OSINT Capabilities What Is The Long Term Fallout? Given these enriched capabilities, state sponsored operators could be highly effective at cyber espionage for the next decade and these data sets are rich with information that is highly useful to cyber espionage campaigns. This data can be leveraged in phishing attacks against corporate targets and make it really easy to spoof emails and calls to organizations running critical access accounts. They make it really easy to impersonate you and socially engineer their way into your company. Corporate Phishing- - This data can help identify potential targets working at important institutions who may be suffering from financial distress, making them vulnerable to manipulation and blackmail. Individual Target Manipulation - This data helps any operative conducting live operation establish credible sets of personas for use during their operations. They will use these personas to set up credible fronts on social media, avoiding KYC when opening operational bank accounts, renting properties and vehicles. Credible Personas - Any time the team holding the data needs to raise funds for an operation, they can selectively turn segments of the data into cold hard cash and treat the data as a cash machine, using it to fund all manner of ills. Black Op Finance Threat To Democracy & Civil Society Using these data sets operationally is just one way of leveraging them, the breaches by which these data sets were obtained and the high level use of this data can easily undermine our most important democratic, financial, political and civil institutions, destroying the confidence our citizens have in them. We have only just begun to get to grips with the foundations of our civil society being eroded by divisive political propaganda and we are only just beginning to see the malicious destabilization of our democracy at work. Federal government employees, high ranking corporate officials and the political figures aside, these data breaches leave the rest of us individually vulnerable to highly targeted campaigns that seek to cause political divisiveness and undermine our trust and confidence in one other. When you combine these data sets from these breaches, correlate them with the last decades worth of data and IP theft and the way they are being leveraged, they are nothing short of acts of war against all us. The Good Old Days In the old days if you got caught you were either showcased and bargained with, or you were secretly executed following an interrogation, but these days operators act from the comfort of their battle stations with impunity. They sit unchallenged and proactively do their work in a monotonous corporate way, safe in the knowledge they can go home at night to their families and leave their work at their doorsteps when they arrive. This situation will not be allowed to continue, these affronts against everything we hold dear will be decisively responded to, with the responsible parties being held to account no matter where they are physically located. These people better start hiding in caves. ? Let me know in the comments below, DM me your story on Twitter or contact me on Wire using @BuleBule. But what do you think What’s that? You like the cut of my jib? Follow me on Twitter then and give me a CLAP using the clap button, you can clap more than once :)