Equifax breach shows signs of a possible state-sponsored hack

This might not have been a simple smash-and-grab.

Updated ·2 min read
Reuters/Brendan McDermid

Ever since word of the Equifax hack got out, there's been one lingering question: was it a state-sponsored attack, or just criminals who took advantage of a security hole? At the moment, it looks like it might be the former. Bloomberg sources have shed light on the ongoing investigations into the breach, and they claim there are signs of a government's involvement. The initial group of hackers weren't particularly experienced, according to the tipsters, but they handed things over to a more "sophisticated" team. There are even hints that this might be the work of Chinese intelligence agents, although it's not yet clear who's responsible.

The insiders say that "many" of the tools used in the hack were Chinese in origin, and that there are similarities to China-backed breaches targeting the health insurance firm Anthem and the US government's Office of Personnel Management. Also, none of the stolen data has surfaced online -- whoever took it wasn't in a rush to profit. This was a "'get as much data as you can on every American' play," one of Bloomberg's contacts said.

However, sources aware of federal investigations say only that there's evidence of a state-sponsored attack, not that it points to any one country. Equifax's security consulting partner, Mandiant, wrote as recently as September 19th that it couldn't identify the culprits or where they came from.

As it is, Equifax may have been its own worst enemy in the early days of the breach. The company had hired Mandiant to look into earlier security issues, but there was a he-said-she-said fight over Equifax's security in the weeks surrounding the hack. Equifax reportedly thought Mandiant had sent rookies to look into the vulnerabilities of its systems, while Mandiant decried what it saw as unpatched systems and sloppy policies. An Equifax spokesperson told Bloomberg that it has had a "professional, highly valuable relationship" with Mandiant and isn't commenting on its ally's investigation, but the scoop suggests that the squabble may have hurt the chances of a timely fix for the flaw that compromised 143 million Americans.

Whatever contributed to the incident, there are significant ramifications if there's a foreign power involved. If it's China, it'd be a huge violation of the US-China agreement that was supposed to put an end to hacking campaigns. Many didn't expect either side to fully honor the pact, but this would be an overt violation. And if it's another known country with state-sponsored hacking, like North Korea or Russia? That wouldn't be any better, as it would exacerbate already high tensions. No matter who's behind this, things could get very thorny very quickly.