Espionage Hackers And Spies
Vigilance Newsletter


There is a bigger story behind some data breaches. A story bigger than technology failures, or human error, and social engineering. A bigger picture than what the media and security reports discuss. One involving international relations, long-cycle planning and espionage.

This is that story.

Four breaches made the news and then disappeared from the front page. They all correlate with one another and share an interesting connection. They are:

  1. the Anthem Breach,
  2. the Equifax breach,
  3. the breach of the OPM (Office of Personnel Management) for the US govt, and
  4. the Marriott International (Starwood Hotels) breach.

Many believe that secret espionage lies behind these major breaches. These are their stories, and the story of what that espionage means to America.

A Dilemma

It was a sunny, hot, humid afternoon in Shanghai, China. The man folded his piece of paper while walking out of a crowded market.

As he pushed past an elderly woman mumbling to herself in a regional dialect and hurried down the street, beads of sweat began to run over his brow. He thought to himself, "What are they asking me to do? Will the morality police arrest me? Send me off to a work prison if I don't do this? But my family needs the money. I have to get this done."

He confided in a friend by burner phone later on that day. "Of course I loved my childhood in the Midwest and believe in the United States. I enjoyed growing up there. But I have to look out for my family, man, and I have to do what's best for me."

He knew he had access to certain systems that, if turned over to the Chinese government, would be devastating to U.S. citizens, putting private, confidential personal information in the hands of people who would track, hunt and watch every move of those unknowing Americans for decades to come, using it against them as they pleased.

He also knew his life was in shambles.

He hadn't eaten for days due to paralyzing anxiety.

His wife has stage 4 cancer. Their house is nearing foreclosure. His 12-year-old autistic daughter needs treatment, and his moderate government salary is leaving his family to drown in a sea of crippling debt.

What happened next changed the trajectory of foreign relations. It led to U.S. indictments of several key Chinese government computer hackers and ruined the lives and privacy of tens of millions of Americans.

ESPIONAGE AND BREACHES

So what is the difference between a breach and espionage? There are data breaches, and then there is cyber espionage.

The difference lies in the use of the stolen data, in the criminals' modus operandi (the way and manner in which they operate), and in the international law, treaties and sanctions that come into play.


(c) 2023 David Mauro

The ripple effect can include loss of life, imprisonment of the people involved, and the loss of billions of dollars above and beyond the cost of remediating the breached systems themselves. The core cyber military people we are discussing today are allegedly working for the Chinese government.

But as we all know, there are equally dangerous organizations from the Russian regions and North Korea. The main data breaches that hit the news in the past few years are usually discussed in terms of the breaches themselves: the amount of data that was exfiltrated (which, as we always point out, is a fancy way of saying it was stolen), the impact on the users, the wonderful free credit monitoring that people receive, and how bad the security was or was not that led up to the breach.

Thank you very much. Free credit monitoring does not satisfy anyone. Plus, we all have about 3-5 different versions of it available to us already.

But there's a bigger story behind certain breaches.

Because there might be reasons. There might be national security reasons, or it just might not be the flavor of the day. It might get pushed aside by some Kardashian news or something else, right? But the breaches we're going to talk about today are important, because they are about much more than just the breaches.

THE BERMUDA TRIANGLE OF BREACHES

What's really happening here? As U. S. Attorney Bill Barr said on the one hand, “This data has economic value, and these thefts can feed... China's development of artificial intelligence tools, as well as the creation of intelligence targeting packages.”

We're going to explore what that means, right? Well, it’s more than that.

So let's walk through each breach, in a high-level, business-sense discussion without getting too technical.

EQUIFAX Breach

The Equifax breach. Even if you're not familiar with who Equifax is, you have certainly experienced their services. More importantly, you are most likely a customer of Equifax and were affected by this breach.

Have you ever borrowed money for a car, rented an apartment, or bought a house?

If so, you know that they run a credit report, and that report gives you a score, a number, a FICO number, right? A FICO score. That score is a combination of reports from the three main credit bureaus, companies that track all of your spending and payment history. If you paid a bill 30 days late or 60 days late, if you've ever been evicted or suffered a bankruptcy, they have all of it.

They have everything about you.

In school, we got grades, right? As an adult, you have grades too, and that's your FICO score. To have a FICO score, you get those scores from the three main credit bureaus: TransUnion, Experian, and our wonderful Equifax.

POSTER CHILD of WHAT NOT TO DO

In March 2017, personally identifiable data of more than 140 million US citizens was stolen from Equifax.

140 million.

The breach exposed several scandals and launched Equifax to the very top of the list as the poster child of what not to do for security for an organization.

Equifax was criticized for everything, ranging from their terrible security posture to alleged insider trading by executives and a bumbling response to the breach. Most importantly, the question of who was behind the breach has serious implications for the global political landscape. A major data breach like Equifax, which involved international cyber espionage, is like watching a slow train wreck.

It's the type of disaster resulting from a series of bad decisions. And like a slow train wreck, people can't help but watch.

Our research involved dark web mining, which we strongly discourage you from doing. But there are also surface-web resources: an article from CSO Online, a detailed report from the US General Accounting Office, in-depth analysis from Bloomberg Businessweek, and several other articles.

Equifax was initially hacked, compromised, through a common vulnerability, and they simply failed to patch that vulnerability. It was widely known in the security, IT and tech space as something to simply patch.

When we say patch, all we mean is this: when your desktop, your MacBook or your iPhone says you have an update, you need to apply it within a reasonable time. Why? Because there are usually security implications. Now, there is a whole host of practical reasons why people delay.

Usually it is because they need to test the patches first, since patching one thing may break something else. But Equifax didn't even do that.

SINGLE POINT OF FAILURE

One single IT resource failed to patch what was commonly being patched across the industry at the time. They then ran another scan, did that improperly, and failed once again to patch.

What we just saw is two or three different layers of common, basic hygiene that just weren't done.

Enter China. Not the people of China. Not at all. We’re talking about the Chinese government, the communist government of the country, and their cyber mercenary team.

The attackers were able to get in by exploiting this commonly known vulnerability, left unpatched: one that sat on a network which got scanned and was left unpatched again.

Key to The Castle with Jewels Out in the Open

They were able to move from the Equifax web portal to other servers throughout the organization. And here's yet another poor security practice by Equifax: the systems weren't adequately segmented from one another.

Meaning, once they got in, they got the keys to the castle.

That violates a basic, fundamental tenet. These threat actors were also able to find stored usernames and passwords. Yet another security flaw.

They were all in plain text.

So, here's one of the things that we always talk about, right?

If you are holding the usernames and passwords of people, you need to encrypt them. Salt or pepper the data. Salting means you put a random series of numbers/letters at the beginning. Peppering means you put a random series of numbers at the end.

Think about having 140 Million social security numbers. Wouldn’t it be prudent to salt or pepper them?

Espionage, Hackers & Spies Vol 1 @Cyber Crime Junkies https://youtu.be/4YbYqVYOdh4?si=zdilHW0uyS1zwukf


You have a duty not to do that job negligently, right? And what you need to do is salt and pepper that data. Why? Because if somebody steals it, or even if the data is accidentally disclosed, then they can't use it. So if you have a series of, say, five random numbers in front, and you know that the social security number actually starts at the sixth digit, then you'll be able to use that data all you want. But if somebody steals the data, they won't know what the actual social security number is.

So they couldn't use it. Well, that wasn't done here either. The information was kept in plain text: usernames, the actual usernames, right there. Passwords, the actual passwords, right there in plain text. Social security numbers, the actual social security numbers, right there. Driver's license data, all of that credit information, all of it in plain text.
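To make the salt-and-pepper advice above concrete, here is an added example in Python (standard library only); it is not code from the article or from any company discussed here. It implements the form of salting and peppering used in practice for stored credentials: the salt is a random per-record value stored beside the hash, and the pepper is a secret kept outside the database (the `PEPPER` constant is a constructed stand-in for a secret loaded from a KMS or environment variable). It also shows a keyed token for a Social Security number, so a record can be matched by SSN without the number itself ever sitting in the table in plain text. All function names, sample users and values are constructed for this example.

```python
"""Salted + peppered password storage and keyed SSN pseudonymization.

Added example, not code from the article or from any company it discusses.
Assumptions (constructed for illustration):
  - PEPPER stands in for a secret loaded from a KMS or environment variable;
    in production it is never stored in the same database as the records.
  - build_user_table() stands in for the user table an intruder might dump.
"""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional

PBKDF2_ITERATIONS = 600_000       # slow work factor for PBKDF2-HMAC-SHA256
PEPPER = secrets.token_bytes(32)  # assumption: secret kept outside the database


def hash_password(password: str, pepper: bytes = PEPPER,
                  salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> Dict[str, str]:
    """Return the record to store: a random per-user salt plus a slow hash.

    The pepper is folded in first via HMAC, so a dump of salt+hash alone is
    not enough to start guessing. The salt makes identical passwords produce
    different stored values, which defeats precomputed (rainbow) tables.
    """
    if salt is None:
        salt = secrets.token_bytes(16)
    peppered = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    digest = hashlib.pbkdf2_hmac("sha256", peppered, salt, iterations)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": str(iterations)}


def verify_password(password: str, record: Dict[str, str],
                    pepper: bytes = PEPPER) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hash_password(password, pepper,
                              bytes.fromhex(record["salt"]),
                              int(record["iterations"]))
    return hmac.compare_digest(candidate["hash"], record["hash"])


def pseudonymize_ssn(ssn: str, key: bytes = PEPPER) -> str:
    """Keyed HMAC token for an identifier that must be matched but never read.

    The SSN space is only a billion values, so an unkeyed hash would be
    brute-forced immediately; with the key held elsewhere, a stolen table
    of tokens cannot be reversed or even enumerated offline.
    """
    digits = "".join(ch for ch in ssn if ch.isdigit())
    if len(digits) != 9:
        raise ValueError("an SSN has exactly 9 digits")
    return hmac.new(key, digits.encode("ascii"), hashlib.sha256).hexdigest()


def build_user_table() -> Dict[str, Dict[str, str]]:
    """Constructed sample users; nothing here is real data."""
    users = {
        "alice": ("hunter2", "123-45-6789"),
        "bob": ("hunter2", "987-65-4321"),   # same password as alice on purpose
    }
    table: Dict[str, Dict[str, str]] = {}
    for name, (password, ssn) in users.items():
        record = hash_password(password)
        record["ssn_token"] = pseudonymize_ssn(ssn)
        table[name] = record
    return table


def find_by_ssn(table: Dict[str, Dict[str, str]], ssn: str) -> List[str]:
    """Match on the token, so the raw SSN never has to be stored."""
    token = pseudonymize_ssn(ssn)
    return [name for name, record in table.items() if record["ssn_token"] == token]


if __name__ == "__main__":
    table = build_user_table()
    # Same password, different stored hash: the salt is doing its job.
    print(table["alice"]["hash"] != table["bob"]["hash"])
    # Legitimate login still works.
    print(verify_password("hunter2", table["alice"]))
    # A dumped table without the pepper verifies nothing, even for the right password.
    print(verify_password("hunter2", table["alice"], pepper=b"guessed-pepper"))
    # Lookup by SSN works via the token; the number itself is nowhere in the table.
    print(find_by_ssn(table, "987-65-4321"))
```

The point for a data holder like a credit bureau is the split: the table can be stolen in full, and without the pepper (and the slow work factor) it yields neither passwords nor Social Security numbers, while the legitimate application, which does hold the pepper, can still log users in and match records.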

Yet another security error.

The attackers exfiltrated, a fancy word for steal, a ton of data.

And they did so all undetected. Equifax didn't have the systems in place to catch the fact that all of this data was being pulled out. Why weren't the attackers detected? Because Equifax had crucially failed to renew the encryption on their internal servers and security tools.

And what also puts them at the top of the wall of shame, as if all of this wasn't enough, is that Equifax didn't tell the public about this breach until more than a month after they discovered it.

The timeline.

The data breach happens. Time goes by. They eventually discover the data breach. And then they do a bunch of things before they tell any of the victims. That's what leads them to the top of the wall of shame. And during that time, stock sales by top executives give rise to accusations of insider trading.

What that means is, top executives know that once this hits the public, the stock is going to tank. So they sell their stock now and buy options called puts, which go up in value when the stock price goes down. And lo and behold, that's exactly what they did.

The Equifax breach affected 143 million people, almost half of the entire US population. Think about that. Half of the entire population, and their names, addresses, dates of birth, social security numbers, many driver's license numbers, payment history, private financial records, payments to healthcare organizations, all stolen.

Think about the damage that will happen when all that data, worth billions of dollars on the dark web if sold, gets leaked and published.

All of that information was exposed and stolen, right?

Silence.

A Massive Series of Crimes

Yet Nobody Claims Victory

So who were the threat actors? Who were the hackers who committed this monumental heist? Who are these cyber criminals that caused the largest financial breach in U.S. history?

The Equifax breach involved the exfiltration (theft) of very private, valuable financial information of nearly half of the entire US population.

It would be worth billions of dollars.

There would be identity theft claims tied to the breach.

Cyber Crime Gangs would claim victory, as they always do, posting about their conquest on their sites.

In fact, after the event everyone was watching.

Was it BlackCat? LockBit? CLOP? Conti? REvil? Hive? Other popular gangs back then?

Who gets to brag about it and collect all the stolen bounty?

Crickets. Nothing. No sound from anyone.

Nobody claimed victory. Nobody has seen any of the data sold or leaked anywhere by anyone.

No identity theft tied to the event ever occurred?

Why?

To understand the answer, we have to understand the long game being played. The context.

That will be covered next.


Find out how to protect yourself and your organization's brand. Reach out to us.


If you are interested in any Managed IT services or Award-Winning Cybersecurity Services, reach out to me for an independent holistic Roadmap.


We are here to help. Our team at All Covered-Konica Minolta is a Top-rated Cybersecurity Firm covering all of North America, located right here in the Midwest, US.


David Mauro, Strategic Manager, Central U.S.

Konica Minolta, Managed IT North America

[email protected]

To see more exclusive interviews, check out CYBERCRIMEJUNKIES.COM

Kindly Share & Follow






Rob Ens

Leader in Innovative Digital Solutions

1 yr

Definitely a worthwhile read. Thanks David Mauro

David Mauro

Driving SMB Growth Uninterrupted | Concierge Cybersecurity | NetGain Technologies | Speaker, Cyber Educator, Podcast Host | A.I. Think Tank Fellow | InfraGard Member

1 yr
