Equifax recently announced a breach that compromised the records of up to 143 million clients. The data gathered by the criminals includes names, social security numbers, addresses and birthdates. For anyone who has had their identity stolen, you find out quickly that with this information, a criminal can open a line of credit in your name and start drawing on it.
How did it happen? Criminal attacks, or “exploits”, fall into two broad categories: those that are custom-targeted at a specific client and those that are designed for a broad market. The Equifax attack was a custom attack directed at Equifax. The attack took advantage of a web server vulnerability that the criminals discovered during their probing process. Anyone who has an internet connection is constantly being probed by criminals looking for a vulnerability they can exploit. With Equifax, the criminals could easily identify Equifax web sites and the underlying web server technology. With that knowledge, the criminals were able consult dark net web resources to customize the attack by looking for a specific weaknesses. Once inside the web server, the criminals were able to piggyback on connections to the Equifax database filled with consumer information. By hiding their activity in the millions of daily transactions, the criminals were able to mask their activity for months. Equifax began to look for a breach when the possibility of a breach was brought to their attention by a third party.
How can Equifax figure out what happened? By searching through billions of log file entries. The task is painstaking and time-consuming. Equifax retained the leader in breach forensics, Fire Eye, to conduct the investigation. Finding the “Day Zero” event is like finding a needle in a hay stack, but not knowing which hay stack of 100’s to start looking in. After reviewing the log files, experts can find a trail of log entries that would lead them to the “Day Zero” event and give them a rough idea of what happened. Unless the log files are carefully taken care of, the criminals have the ability to modify them, in effect completely masking their activities.What can you do to protect yourself? Unfortunately, if you use credit, do online banking, or have credit cards, you are at the mercy of the financial and credit reporting companies to safe guard your data. Sign up with a credit reporting agency that can monitor activity on your account and put stops on the issuance of new credit. Yes, Equifax was one of the big three credit reporting companies, but unfortunately the credit reporting companies are the main gate keepers for credit reports. Ironically, the breach of a credit reporting company makes having an account with a credit reporting company more of a necessity.