equihxbdrjn5czx2.onion Another Equifax Hack Tor Site

Another darknet site has popped up for the Equifax hack. Although no large data samples have been provided to give us convincing proof the site is real, they do provide some alleged screenshots of internal Equifax management systems.

As a “Sample” of the data, they provide the SSN, DOB, and address of Donald Trump, Kim Kardashian, and Bill Gates – although this data is hardly proof, as you can find all the information on these three people publicly on Google.

The sample screenshots appear to be taken by a Mac.

 

The Ethereum and Bitcoin addresses provided for the ransom have not received any payments as of yet:

https://etherscan.io/address/0x8D992F58f3887cCD72A14FE29aD22Ed0789f70Ef

https://blockchain.info/address/1KELNpR9ECN46QaNGxPhoJDL4iqaa7Hgch

The email provided, EQUIHAX AT PROTONMAIL.COM, has been reported to ProtonMail’s abuse team.

PGP Key given on the site:


PastHole Hacking Team

The PastHole hacking team is the hacking group claiming responsibility for the 2017 Equifax data breach – affecting nearly half of the US population.

Their only contact with the outside world has been through their ransom request site badtouchyonqysm3.onion as well as their anonymous email pasthole@national.shitposting.agency.

The group may have a Russian origin based off the tag “Оборудование для взлома” added to the bottom of one of their email responses.

 

Attachment: signature.asc

The PGP signature attached to the Equifax hack response email.


Complete PGP key posted on their contact page:


An email from the Russian Equifax Hackers

I emailed the Equifax hackers at the email posted on their darknet site and they responded with the following:

We are processing information is not a single file and we must still
unite which data correspond to which people.

We are not going to give interviews.

We do not have expectations to collect anything so that on the 15th
everything will be published except the credit cards.

09/15 at 4pm UTC


PastHole
Оборудование для взлома

Note the Russian signature, loosely translated by Google Translate to: “Equipment for hacking”. A quick Google search says the name may have to do with wardriving – an old technique for picking up insecure Wi-Fi networks to use for mobile, roaming Wi-Fi access. It is rather presumptuous to say they’re a Russian hacking group, but the Russian signature does raise an eyebrow.

The email is signed with their PGP signature.
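One way to check that a detached signature like the one on this email names the same key as the one posted on the site is to read the issuer key ID and creation time out of the signature packet. This is an added example, not code from the original post; `constructed_sample` and the key ID and timestamp passed to it are made-up values, and only version 4 signatures in old-format packet headers are handled.

```python
import base64, struct
from datetime import datetime, timezone

def dearmor(armored):
    """Decode an ASCII-armored block, skipping armor headers and the '=XXXX' CRC line."""
    rows = (r.strip() for r in armored.strip().splitlines())
    keep = [r for r in rows if r and r[0] not in "-=" and ":" not in r]
    return base64.b64decode("".join(keep), validate=True)

def subpackets(area):
    """Yield (type, body) pairs from a signature subpacket area (RFC 4880, 5.2.3.1)."""
    i = 0
    while i < len(area):
        n, i = area[i], i + 1
        if 192 <= n < 255:                      # two-octet length
            n, i = ((n - 192) << 8) + area[i] + 192, i + 1
        elif n == 255:                          # five-octet length
            n, i = int.from_bytes(area[i:i + 4], "big"), i + 4
        yield area[i] & 0x7F, area[i + 1:i + n]  # length n includes the type octet
        i += n

def signature_info(armored):
    """Metadata of a v4 signature in an old-format packet header, as GnuPG commonly writes it."""
    pkt = dearmor(armored)
    if pkt[0] & 0xFC != 0x88 or pkt[0] & 3 == 3:
        raise ValueError("expected an old-format signature packet (tag 2)")
    body = pkt[1 + (1, 2, 4)[pkt[0] & 3]:]
    version, sig_type, pk_alg, hash_alg, hlen = struct.unpack(">BBBBH", body[:6])
    if version != 4:
        raise ValueError("only version 4 signatures are handled")
    ulen = int.from_bytes(body[6 + hlen:8 + hlen], "big")
    info = {"sig_type": sig_type, "pubkey_alg": pk_alg, "hash_alg": hash_alg}
    for hashed, area in ((True, body[6:6 + hlen]), (False, body[8 + hlen:8 + hlen + ulen])):
        for kind, val in subpackets(area):
            if kind == 2:      # signature creation time (seconds since epoch, UTC)
                info["created"] = datetime.fromtimestamp(int.from_bytes(val, "big"), timezone.utc)
            elif kind == 16:   # issuer key ID: unauthenticated when in the unhashed area
                info["issuer"], info["issuer_hashed"] = val.hex().upper(), hashed
    return info

def constructed_sample(key_id_hex, created):
    """Constructed input: well-formed v4 signature packet carrying a dummy RSA value."""
    hashed = b"\x05\x02" + struct.pack(">I", created)    # creation-time subpacket
    unhashed = b"\x09\x10" + bytes.fromhex(key_id_hex)   # issuer subpacket
    body = (b"\x04\x01\x01\x0a" + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\x00\x00\x00\x08\xff")
    b64 = base64.b64encode(b"\x89" + struct.pack(">H", len(body)) + body).decode()
    return "-----BEGIN PGP SIGNATURE-----\n\n" + b64 + "\n-----END PGP SIGNATURE-----\n"
```

A matching issuer key ID is only a pointer to the key: it usually sits in the unhashed area and 64-bit key IDs are not unique, so the link between email and site holds only if `gpg --verify` succeeds against the exact message text with the posted key imported.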

pasthole@national.shitposting.agency Equifax Hacker Email Address from badtouchyonqysm3.onion

The alleged Equifax hackers have posted a contact email address of pasthole@national.shitposting.agency.

Despite its similarity, this email address is unaffiliated with the domain: https://nationalshitposting.agency/

The domain the email address is registered to, shitposting.agency, was made under a private registration on 2015-03-07, far before the Equifax hack took place.

shitposting.agency is a disposable email domain

I’ve sent an email to this address and verified it is working: delivered after 1 attempt.

    "delivery-status": {
        "tls": true,
        "mx-host": "mx1.cock.li",
        "attempt-no": 1,
        "description": "",
        "session-seconds": 1.7955520153045654,
        "code": 250,
        "message": "OK",
        "certificate-verified": true
    },

Equifax Hacker PGP Key from badtouchyonqysm3.onion 

The PGP public key of the alleged Equifax Hackers as posted on their website at badtouchyonqysm3.onion


Equifax Ransom Address 17vkHnkXwYaSRiLipEWNWvNqPvC51ZBswy

The Equifax hackers have requested a ransom to be paid to their Bitcoin address at 17vkHnkXwYaSRiLipEWNWvNqPvC51ZBswy

If 600 BTC (approximately 2.5 Million USD) is not paid by 15 September 2017, the hackers have threatened to release the data online.

So far, no transactions have been sent to that address: https://blockchain.info/address/17vkHnkXwYaSRiLipEWNWvNqPvC51ZBswy

badtouchyonqysm3.onion Equifax Hack Ransom Request Site

The alleged Equifax hackers have declared their ransom with the following website posted on a darknet Tor page:

badtouchyonqysm3.onion – As gathered from the Tor Browser:

 EQUIFAX DATABASE Personally identifying information (included Social Security numbers, birth dates, addresses and driver’s license numbers) of more than 140 million people. More than 200000 credit card numbers.

 

 How can we verify that you have the information? Request a specific part or a specific data from an email that corresponds to Equifax and we will send it to you. We can also accept escrow from an unbiased third party (a hidden market).

 How much? Equifax executives sold 3 million dollars in shares taking advantage of their insider information after the attack. We believe that 600 BTC is a fair amount. Bitcoin If we do not receive the payment, the information will be published here on September 15th 4:00 pm UTC.

Contact Us Page:

 Contact Us Only questions of the managers and employees of Equifax will be answered. We will help you with your security after paying. We may change the email so save our PGP key.

In the source code of the website, it is declared:

 The synthesized database will be published on September 15. Contact me: pasthole@national.shitposting.agency

The ransom request requires payment of 600 BTC to:

Bitcoin Payment Address 17vkHnkXwYaSRiLipEWNWvNqPvC51ZBswy

The site may be hosted by onionsnjajzkhm5g.onion / dhosting4okcs22v.onion – a free Tor website hosting service. According to their records, the site was added to their list on the morning of September 8th. The SMTP servers (email servers) of the badtouch site point to dhosting4okcs22v.onion, but they may be using dhosting only as an email service.

INFO: Found SMTP Banner: 220 dhosting4okcs22v.onion ESMTP Postfix (Debian/GNU)
(f1f8f082294b8cabe944250a081f5e528cd8f251)

onionsnjajzkhm5g.onion Listing

The website seems to be using a template sourced from http://www.omnisourceit.com/nh_web_design_samples/guardian/guardian/

I’ve reached out to OmniSourceIT to see if they can provide further information on who may have downloaded the template.