New clues have emerged pointing to a state source for the Equifax data breach, which affected the personal data of 143 million American consumers, with China suggested as a prime suspect.
The clues include the use of multiple sub-specialized hacking teams and hacking tools known to have Chinese interfaces, though experts have said that this is far from conclusive.
Internet hackers probing for vulnerable systems came across a new fix from Apache for a known vulnerability in Apache Struts, then found that the Equifax system had not been updated.
Once they had made a breach, they went on to establish back doors into the system and then created web shells serving as redundant back doors, a technique known to be favoured by the Chinese. One of the web shells used was China Chopper, which is widely used by Chinese hackers, but also by other hacking groups.
A second team then used special tunnelling tools to maneuver around firewalls, cracking databases to create a map of where the most valuable data was stored. Again, this is a known tactic used by large organisations with various teams, such as the Chinese military.
Personal data stolen in most internet breaches is then sold on the dark web to other criminals to use for fraudulent purposes. But tellingly, investigators have confirmed that none of the data stolen in the Equifax breach has appeared for sale on those marketplaces – implying that it is almost certainly in the hands of a state intelligence
An investigator told news agency Bloomberg: ‘This wasn’t a credit card play, this was a get as much data as you can on every American play.’
A further indication that the breach is not deemed to be the work of cyber criminals is that, when personal account information is being circulated among criminals, a large-scale cancellation of credit cards would normally be ordered. No such order has taken place.
Further internal and external investigations involving the FBI will continue before any conclusions are reached.
The news comes as Equifax admits that a further 2.5 million customers were potentially affected, bringing the total to 145.5 million.
US-based Equifax is understood to hold the data of 44 million customers in the UK but has not disclosed how many were potentially affected.