An email from the Russian Equifax Hackers

I emailed the Equifax hackers at the email posted on their darknet site and they responded with the following:

We are processing information is not a single file and we must still
unite which data correspond to which people.

We are not going to give interviews.

We do not have expectations to collect anything so that on the 15th
everything will be published except the credit cards.

09/15 at 4pm UTC


PastHole
Оборудование для взлома

Note the Russian signature, loosely translated by Google Translate as “Equipment for hacking”. A quick Google search says the name may have to do with wardriving, an old technique for picking up insecure Wi-Fi networks while roaming. It is rather presumptuous to say they’re a Russian hacking group, but the Russian signature does raise an eyebrow.

The email is signed with their PGP signature.

3 thoughts on “An email from the Russian Equifax Hackers”

  1. I can confirm that the translation is correct, they could be selling hardware on some darknet website and this is their way of advertising. Not sure how it’s related to “wardriving” though.

    Also, that’s a cock.li domain.

  2. So… let’s say this is true for conversation’s sake. The hackers had full access to run ad hoc select statements against the tables and place the results in a file (delimited). They are now in the process of loading the files into tables and will run queries to join the tables and produce meaningful results.

    This means the application account at Equifax had more than just access to stored procedures. Assuming the Struts REST vulnerability here.

    What doesn’t make sense is why they are not looking to collect anything. They make it come across as if they are going to expose everyone’s history for free public consumption. Motive? Need a good fiction writer to figure it out. My gut tells me if that is the case, then it was hacked from within the States.

