{"id":9214,"date":"2017-09-11T08:45:34","date_gmt":"2017-09-11T16:45:34","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/09\/11\/news-2987\/"},"modified":"2017-09-11T08:45:34","modified_gmt":"2017-09-11T16:45:34","slug":"news-2987","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/09\/11\/news-2987\/","title":{"rendered":"The Self-Proclaimed Equifax Hackers Are Likely Nothing More Than Amateur Scammers"},"content":{"rendered":"<p><strong>Credit to Author: Lorenzo Franceschi-Bicchierai| Date: Mon, 11 Sep 2017 16:10:15 +0000<\/strong><\/p>\n<p> On Thursday, <a href=\"https:\/\/motherboard.vice.com\/en_us\/contributor\/lorenzo-franceschi-bicchierai\">credit monitoring firm Equifax revealed hackers had breached its servers<\/a>, stealing the sensitive, personal information\u2014including social security numbers\u2014of around 143 million Americans. Shortly after the news of the breach became public, <a href=\"http:\/\/mashable.com\/2017\/09\/08\/equifax-hackers-bitcoin-ransom\/#Vqlnrf5WZkqO\" target=\"_blank\">someone claimed responsibility for it on the dark web<\/a>.<\/p>\n<p> &#8220;We need to monetize the information as soon as possible,&#8221; the alleged hackers wrote on an Onion site they set up <a href=\"http:\/\/mashable.com\/2017\/09\/08\/equifax-hackers-bitcoin-ransom\/#Vqlnrf5WZkqO\" target=\"_blank\">on the dark web<\/a>, demanding Equifax pay 600 Bitcoin (around $2.5 million). If Equifax didn&#8217;t comply, the alleged hackers said they would post all the stolen data (except for credit card numbers) online on September 15. <\/p>\n<div style=\"max-width: 550px;\" data-iframely-id=\"y5obxnt\" class=\"article__embed article__embed--iframely\">\n<div style=\"left: 0; width: 100%; height: 0; position: relative; padding-bottom: 56.25%;\" data-iframely-smart-iframe=\"true\"><iframe  src= width=\"100%\" height=\"420\" frameborder=\"0\" ><\/iframe> <\/div>\n<\/div>\n<p> Over the weekend, however, the already dubious claims of the alleged hackers started to unravel. Security researchers found that it was easy to partially de-anonymize the alleged hackers&#8217; website, <a href=\"https:\/\/wvualphasoldier.wordpress.com\/2017\/09\/09\/finding-the-alleged-equifax-hackers\/\" target=\"_blank\">revealing the hosting provider<\/a> and <a href=\"https:\/\/pirate.london\/fake-equifax-hacker-website-shut-down-following-deanonymisation-7f30b64cc99a\" target=\"_blank\">the IP address of their email provider<\/a>. <\/p>\n<p> As a result, the alleged hackers&#8217; website hosting provider suspended the site. Now, instead of the ransom message and their contact information, the site only displays a PSA.<\/p>\n<div class=\"article__media\"><picture class=\"article__image\"><source media=\"(max-width: 25em)\" srcset=\"https:\/\/video-images.vice.com\/_uncategorized\/1505145908738-Screen-Shot-2017-09-11-at-103454-AM.png?resize=400:*, https:\/\/video-images.vice.com\/_uncategorized\/1505145908738-Screen-Shot-2017-09-11-at-103454-AM.png?resize=600:* 2x\"><source media=\"(max-width: 40.625em)\" srcset=\"https:\/\/video-images.vice.com\/_uncategorized\/1505145908738-Screen-Shot-2017-09-11-at-103454-AM.png?resize=650:*, https:\/\/video-images.vice.com\/_uncategorized\/1505145908738-Screen-Shot-2017-09-11-at-103454-AM.png?resize=975:* 2x\"><source media=\"(min-width: 40.625em)\" srcset=\"https:\/\/video-images.vice.com\/_uncategorized\/1505145908738-Screen-Shot-2017-09-11-at-103454-AM.png?resize=694:*\"><img decoding=\"async\" src=\"https:\/\/video-images.vice.com\/_uncategorized\/1505145908738-Screen-Shot-2017-09-11-at-103454-AM.png\" alt=\"\"><\/picture>\n<div class=\"article__image-caption\">A screenshot of the message displayed on the alleged hackers&#8217; site after their hosting provider suspended them.<\/div>\n<\/div>\n<p> &#8220;Yesterday I deleted the site after reading the first mail about it and deciding it was a scam,&#8221; Daniel Winzen, the owner of Daniel&#8217;s Hosting, told Motherboard in an online chat.<\/p>\n<p> Before Winzen posted the PSA, the hackers put up <a href=\"https:\/\/pastebin.com\/fzrsR6yb\" target=\"_blank\">a different message<\/a> on the site, claiming the &#8220;feds&#8221; had suspended it, according to Winzen. <\/p>\n<p> The owner of their email provider, <a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/4xadmb\/the-story-of-cockli-the-site-used-to-shut-down-the-la-school-district\">Cock.li<\/a>, also <a href=\"https:\/\/twitter.com\/gexcolo\/status\/906789811859738624\" target=\"_blank\">said<\/a> that he had suspended their account. <\/p>\n<p> <b> Read more: <\/b><a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/5997gz\/equifax-social-security-number-outdated\"><b> More Like Social Insecurity Number, Amirite?<\/b><\/a><\/p>\n<p> &#8220;This spells the end for these Equifax scammers \u2014 until next time!,&#8221; security Chris Monteiro wrote in <a href=\"https:\/\/pirate.london\/fake-equifax-hacker-website-shut-down-following-deanonymisation-7f30b64cc99a\" target=\"_blank\">his blog post<\/a>.<\/p>\n<p> Over the weekend, the alleged hackers responded to an email from Motherboard declining to do an interview, saying their only intention was to &#8220;to solve this issue with EQUIFAX.&#8221; They also offered to verify their claims by providing the information belonging to three people whose email addresses are &#8220;on the list.&#8221; As far as anyone knows, however, no emails were stolen in the Equifax breach. <\/p>\n<p> Equifax did not immediately respond to a request for comment.<\/p>\n<p>We are unable to confirm, then, whether these are actually the hackers or not, but the security researcher community isn&#8217;t taking them at their word.<\/p>\n<p> <b> <i> Get six of our favorite Motherboard stories every day <\/i><\/b><a href=\"http:\/\/motherboard.club\/\" target=\"_blank\"><b> <i> by signing up for our newsletter<\/i><\/b><\/a><b><i>.<\/i><\/b><\/p>\n<p><a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/ywwakw\/the-self-proclaimed-equifax-hackers-are-likely-nothing-more-than-amateur-scammers\" target=\"bwo\" >https:\/\/motherboard.vice.com\/en_us\/rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/video-images.vice.com\/articles\/59b6ad7c746f281ec5b001c3\/lede\/1505146109983-equifax.jpeg\"\/><\/p>\n<p><strong>Credit to Author: Lorenzo Franceschi-Bicchierai| Date: Mon, 11 Sep 2017 16:10:15 +0000<\/strong><\/p>\n<p>The alleged hackers already got their dark web site and email suspended over suspicions that they\u2019re not really who they claim to be.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,13328,10378],"tags":[4500,10615,11172,12310,6272,3919,10573,3985,10512],"class_list":["post-9214","post","type-post","status-publish","format-standard","hentry","category-independent","category-motherboard","category-security","tag-cybersecurity","tag-dark-web","tag-data-breach","tag-equifax","tag-hackers","tag-hacking","tag-infosec","tag-scam","tag-scammers"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9214","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=9214"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9214\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=9214"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=9214"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=9214"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}