Attachment: signature.asc

The PGP Signature attached to the equifax hack response email.

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJZsztpAAoJEAhZPbtpB0Q42DIQANIKD/Z3hCD3JeYC1LraZA8m
p5ZfR+Nfju6QimXG8LwKg893P97UwXkFO5BzVvsPVHJq1k5P1mCTlN/wGXi31Nfn
MLkbZhQR/glGx3F7Tb+Fe17DO5YzW75Epaa8eAqgLf2I9ULG5RrdsqfoU4ACZ3Lu
7pFOjF+2PtmfkMaEG8UIZv6HPOuS7S1maPP9sq6MQncwPufwrNkB7vKHYK/zsVLY
07tPQIRXEFOecBPt0R26+/MLCffGlwqKva6TN8yusbjixB151ap9FAFKdFlPS7hA
whTbMpgLUK+o8LgNBpcfPaI9zgPOkNUH4BOWCtRj6CxzoeYVMx04ox0Lj/GuRyRH
fQzilr9yI7Svv42PHCIVTPUE5xsAcfl1pQA55oESa5AzHrxSnqDCtNsWEdsyHElK
4yiva+DDQ8/gd1p929YaKV96ler4L/2Rn0e1vIuHQvUE2e/HCLPxj8AcWfijYguY
uHV1yg8FBlrPk9ulugC1F5GXSskK79i1waQjsFIAHJ6eXM2OaaKnT9hHP/C1/RYz
OpLJkNb5AJPLhsgDu2LIdI/7fH2EbUJkal33LeuwBF+EbYCpWCq3Oq4bRyIK1P8X
UVo/izmPV43vIai3v+s/D63MZsWwnKU/0cXp4lz0T5HxDJ+UUIjWr2kVrSvqxO6M
tgE4BlgJazrfGVHeiBQ1
=FQKA
-----END PGP SIGNATURE-----

Complete PGPKey posted on their contact page:

-----BEGIN PGP PUBLIC KEY BLOCK----- 
mQINBFmyEqUBEADbLJpJmOAd0jQ8YesV4rEcnRqViKoM3Rxf+0TBC8R2PQCR/Pb+ WoXDdU1YRDckDkaGxzcgHKAXEBU3e7+kisu3cI51WX3FJyne+euE/j+oy3UJEGvH VlZqiO3T6zvENj1xjtNKxvCXGr3lOclKKjIh4XXrgV8oZDV628pTW6NvMDr6zLqc YI5gGYiccmE0SpnFainObqp7LgNY5wO0gPzojeUnmV+EK67cBQOO9/YrbpynjDq1 QzPNFmEVbeVJRx+BGq8k5cVA17fONF0K5t2BXhs07oUxyfj6cp5Or4OAzxMi3PMC a3EKDkNp4FErkcFcTtHNobrT/DJf5t7jLTe4ZmJa88YTLsRO7ZY0P7puFRIpwDJw T2M+cl985Rr2IKoUmtidjRn71DhFj2E8taxfRs+ZEbwKHV2nHAp1ddTw2BDAhWvO KOYvvSDzxUOQrf9B5+NrWIydxYPWX3x1laYfwZZwoM4NB340bULnyCh33GTgRikn ldXefluKpbtBduFBIW5XSBjGoRVRcny7a/zqFqa46r/dlf3rA2P+oYCBNSVhmMs7 bZyVjWrS5tKPR6NIH8isR4inO6rVUWHp55K1iCmXAAClD/0ytgjuLoBTOWuoXk+P DBpgjqAeRDcDaypIYphANvaSod6EVk6V/nqJYLN+fMPr65JmXllE2ODtswARAQAB tC9QYXN0aG9sZSA8cGFzdGhvbGVAbmF0aW9uYWwuc2hpdHBvc3RpbmcuYWdlbmN5 PokCPwQTAQgAKQUCWbISpQIbIwUJDShogAcLCQgHAwIBBhUIAgkKCwQWAgMBAh4B AheAAAoJEAhZPbtpB0Q4D/YP/R2vdxS8Jh8d065KGxWsFbPSLj1+/Jyo6F8VT6KD ChswUM2ICBeXjFpx/OwZpjLDRO+t69MtrdtOKI6dazDCc6DtEMMoi/eDrjPC1Cj7 pqF3FcI+VPlfpF+SYJoeRlmwwb8qsWrqcB222kEZgb2T8TpmADFqq7d8j+HKV+LZ HZ+9byccFZoVMyMiw9wVIzF981t7z2yTMOb4NWIuVrw3NTXHWauYSfsM7wr0xZpZ 4WWqo8RpBjxCwjcR1wFVpoZ8e2zd8qRdfqHaxR6hLwZ3Dx3POFRWbJd/ftsdLnlD lgpg4O5dC+BWjxJk8d6SCs8BUzczJPGqsaJd7wKGSyUP7//BJSLwBh3ybeY08R7L aWs/vvohL6ZoBkBmOMxJod/K5YQnmyPK+jahL4QrtFNKYwRHq67EeLDSeLD5ZK+b 6b9u1dDjwjwV8suh4v96+y5Oz5SdBGfE8B3078hm89kE1sfzjQHnYp4FuBGCZ3LZ 4BBAlqIfj2zbPcqmlc7QGudUmWNp89B4yF7DfD8bpybMiHkBWiyYgDNjDn/vSHMI Id8ZN6zNN4Raxk+ikRrk79gVDUcjax+wF6WuDIJbKl2DwJk+bvQ+bNPqrNYmCgyv qW7B+ni3t/i1K+nwNOJj+jVPplC9T31ePs1KEKJAt5xYSVwqtL9Zfxn9IH5gj4nl wcwCuQINBFmyEqUBEADfgeCn8MPl5EvFDvfWyLT7yQqoulhM87oWQT+vnItYxLou l5wdtC1dtp5HEtCiwdpc4+CPWxIWD33RZQliKOUWGKX8zairP0Ki1CzqjrKYFDXA XvuIhxALGi2Qd0PuNhWFrBsl7YvzWZ6Uw0Gr4FgUfPpCwTAaAoLFZwlUW9p/tbpX fmpTAeefArQrSVLxolH/45MIyHDYzFysT8xVVU4uboPFRpKi1sLtrU8plUSBOHLa IDpXNJAp1KS6vWIF8T8rmzvDUKv3ReIoNXaiPTzySKamkA4OEA7Y7ZuuM/G7fq5N s7Feg8uVbIaplFqhbqLCPrFkwcA0sdDkYDilAOWL5srJSRUyNsusq6Xih7S5hS4y U6pG0T1cXhUAcz0/HrQxIj+MyVOPDWJsdj9Z1/6oRIcHdblg66xYhKYD7jvgY5+f nDe4KeG24KaIQ2gwinnWHw333kvQjJHcKOGQUFq6nMjYV9TUFR1A76Gu93RrZwT8 cre+E7PUq5rkV2feI2KlQRJ96sLtmtfmXaibOwg9LfbKeaNF6edau1kYqL/RWzSx R2C4sPgh5HPod5D5GB6Lzojj4fhruvJQeFFoBQLZ1b4cQMYKVnTtBt4+fZefjZbb xkmjCR4QJAVukJSX/F4MjxyPsGA4uDLluD/cHpMOL44lmyYUNaU437Ng0MFteQAR AQABiQIlBBgBCAAPBQJZshKlAhsMBQkNKGiAAAoJEAhZPbtpB0Q4FekQALLtAqfS lJhzMVOjg9Jt+MTPqFdUuo38oGBwiakmtHVG+3MuwdspR25yfsV2O9UwCAu6tnGJ IIcVtZIIuOhkqPEJSTzCmkdz7SRUpV1aj9tC4AbkLjX5tQYjhupTsyEt5+gYUYTz XoggdEF/TOPGVelj/o5ZUhLUdzwC6y4Y8QY8A0mHSWhuB05UfDexheHjC7At5CbI /aEoAX9BsLlc+Im3FnqyIhiHPw+qQ0P1op+/oKuKwjiZOaV7/Amh3sbnznEReDP/ oMmhl1TFpV5C45Ltcgj4uBHnVAhYEXdom400aNpqzv2SqQlDLAYwCFD9/5HHW41l 09ea2zomNubArvtsxtn5ohYvd3yBkutqW7iOW1Rs3KaBasvDMJQ07RLIJO0WOTVc MNMML2lodaRABgWEl4tV9xLpHs5T1mQx4sUBaHXvqIwuGcQsOP7cRZuWMkDJoT4y UnFxirzkF6D/7LyBp62Tyr5pii/MXAguobvguZ4pcgELha6Az8spgZPNu4gaTLGN dgAPqerDEa6lPoJv+CN1QQKwx8IMHUTy/Rv9xAjoK5SwDYkABDDIO5AxDdNEknL/ sk2MkYI9+fQKWhd+rWKQL729Nsfh8cuJPxiXkVBvpRQmW0w9EJOJSKNKALLBaETN AVfiMbveYrLw7iso104OHi76zBnHcTN+JfnU =ECQC
-----END PGP PUBLIC KEY BLOCK-----

[email protected] Equifax Hacker Email Address from badtouchyonqysm3.onion

The alleged equifax hackers have posted a contact email address of [email protected]

Despite its similarity, this email address is unaffiliated with the domain: https://nationalshitposting.agency/

The domain the email address is registered to, shitposting.agency was made under a private registration on 2015-03-07, far before the equifax hack took place.

shitposting.agency is a disposable email domain

I’ve sent an email to this address and verified it is working -delivered after 1 attempt.

    "delivery-status": {
        "tls": true,
        "mx-host": "mx1.cock.li",
        "attempt-no": 1,
        "description": "",
        "session-seconds": 1.7955520153045654,
        "code": 250,
        "message": "OK",
        "certificate-verified": true
    },

Equifax Hacker PGP Key from badtouchyonqysm3.onion 

The PGP public key of the alleged Equifax Hackers as posted on their website at badtouchyonqysm3.onion

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFmyEqUBEADbLJpJmOAd0jQ8YesV4rEcnRqViKoM3Rxf+0TBC8R2PQCR/Pb+
WoXDdU1YRDckDkaGxzcgHKAXEBU3e7+kisu3cI51WX3FJyne+euE/j+oy3UJEGvH
VlZqiO3T6zvENj1xjtNKxvCXGr3lOclKKjIh4XXrgV8oZDV628pTW6NvMDr6zLqc
YI5gGYiccmE0SpnFainObqp7LgNY5wO0gPzojeUnmV+EK67cBQOO9/YrbpynjDq1
QzPNFmEVbeVJRx+BGq8k5cVA17fONF0K5t2BXhs07oUxyfj6cp5Or4OAzxMi3PMC
a3EKDkNp4FErkcFcTtHNobrT/DJf5t7jLTe4ZmJa88YTLsRO7ZY0P7puFRIpwDJw
T2M+cl985Rr2IKoUmtidjRn71DhFj2E8taxfRs+ZEbwKHV2nHAp1ddTw2BDAhWvO
KOYvvSDzxUOQrf9B5+NrWIydxYPWX3x1laYfwZZwoM4NB340bULnyCh33GTgRikn
ldXefluKpbtBduFBIW5XSBjGoRVRcny7a/zqFqa46r/dlf3rA2P+oYCBNSVhmMs7
bZyVjWrS5tKPR6NIH8isR4inO6rVUWHp55K1iCmXAAClD/0ytgjuLoBTOWuoXk+P
DBpgjqAeRDcDaypIYphANvaSod6EVk6V/nqJYLN+fMPr65JmXllE2ODtswARAQAB
tC9QYXN0aG9sZSA8cGFzdGhvbGVAbmF0aW9uYWwuc2hpdHBvc3RpbmcuYWdlbmN5
PokCPwQTAQgAKQUCWbISpQIbIwUJDShogAcLCQgHAwIBBhUIAgkKCwQWAgMBAh4B
AheAAAoJEAhZPbtpB0Q4D/YP/R2vdxS8Jh8d065KGxWsFbPSLj1+/Jyo6F8VT6KD
ChswUM2ICBeXjFpx/OwZpjLDRO+t69MtrdtOKI6dazDCc6DtEMMoi/eDrjPC1Cj7
pqF3FcI+VPlfpF+SYJoeRlmwwb8qsWrqcB222kEZgb2T8TpmADFqq7d8j+HKV+LZ
HZ+9byccFZoVMyMiw9wVIzF981t7z2yTMOb4NWIuVrw3NTXHWauYSfsM7wr0xZpZ
4WWqo8RpBjxCwjcR1wFVpoZ8e2zd8qRdfqHaxR6hLwZ3Dx3POFRWbJd/ftsdLnlD
lgpg4O5dC+BWjxJk8d6SCs8BUzczJPGqsaJd7wKGSyUP7//BJSLwBh3ybeY08R7L
aWs/vvohL6ZoBkBmOMxJod/K5YQnmyPK+jahL4QrtFNKYwRHq67EeLDSeLD5ZK+b
6b9u1dDjwjwV8suh4v96+y5Oz5SdBGfE8B3078hm89kE1sfzjQHnYp4FuBGCZ3LZ
4BBAlqIfj2zbPcqmlc7QGudUmWNp89B4yF7DfD8bpybMiHkBWiyYgDNjDn/vSHMI
Id8ZN6zNN4Raxk+ikRrk79gVDUcjax+wF6WuDIJbKl2DwJk+bvQ+bNPqrNYmCgyv
qW7B+ni3t/i1K+nwNOJj+jVPplC9T31ePs1KEKJAt5xYSVwqtL9Zfxn9IH5gj4nl
wcwCuQINBFmyEqUBEADfgeCn8MPl5EvFDvfWyLT7yQqoulhM87oWQT+vnItYxLou
l5wdtC1dtp5HEtCiwdpc4+CPWxIWD33RZQliKOUWGKX8zairP0Ki1CzqjrKYFDXA
XvuIhxALGi2Qd0PuNhWFrBsl7YvzWZ6Uw0Gr4FgUfPpCwTAaAoLFZwlUW9p/tbpX
fmpTAeefArQrSVLxolH/45MIyHDYzFysT8xVVU4uboPFRpKi1sLtrU8plUSBOHLa
IDpXNJAp1KS6vWIF8T8rmzvDUKv3ReIoNXaiPTzySKamkA4OEA7Y7ZuuM/G7fq5N
s7Feg8uVbIaplFqhbqLCPrFkwcA0sdDkYDilAOWL5srJSRUyNsusq6Xih7S5hS4y
U6pG0T1cXhUAcz0/HrQxIj+MyVOPDWJsdj9Z1/6oRIcHdblg66xYhKYD7jvgY5+f
nDe4KeG24KaIQ2gwinnWHw333kvQjJHcKOGQUFq6nMjYV9TUFR1A76Gu93RrZwT8
cre+E7PUq5rkV2feI2KlQRJ96sLtmtfmXaibOwg9LfbKeaNF6edau1kYqL/RWzSx
R2C4sPgh5HPod5D5GB6Lzojj4fhruvJQeFFoBQLZ1b4cQMYKVnTtBt4+fZefjZbb
xkmjCR4QJAVukJSX/F4MjxyPsGA4uDLluD/cHpMOL44lmyYUNaU437Ng0MFteQAR
AQABiQIlBBgBCAAPBQJZshKlAhsMBQkNKGiAAAoJEAhZPbtpB0Q4FekQALLtAqfS
lJhzMVOjg9Jt+MTPqFdUuo38oGBwiakmtHVG+3MuwdspR25yfsV2O9UwCAu6tnGJ
IIcVtZIIuOhkqPEJSTzCmkdz7SRUpV1aj9tC4AbkLjX5tQYjhupTsyEt5+gYUYTz
XoggdEF/TOPGVelj/o5ZUhLUdzwC6y4Y8QY8A0mHSWhuB05UfDexheHjC7At5CbI
/aEoAX9BsLlc+Im3FnqyIhiHPw+qQ0P1op+/oKuKwjiZOaV7/Amh3sbnznEReDP/
oMmhl1TFpV5C45Ltcgj4uBHnVAhYEXdom400aNpqzv2SqQlDLAYwCFD9/5HHW41l
09ea2zomNubArvtsxtn5ohYvd3yBkutqW7iOW1Rs3KaBasvDMJQ07RLIJO0WOTVc
MNMML2lodaRABgWEl4tV9xLpHs5T1mQx4sUBaHXvqIwuGcQsOP7cRZuWMkDJoT4y
UnFxirzkF6D/7LyBp62Tyr5pii/MXAguobvguZ4pcgELha6Az8spgZPNu4gaTLGN
dgAPqerDEa6lPoJv+CN1QQKwx8IMHUTy/Rv9xAjoK5SwDYkABDDIO5AxDdNEknL/
sk2MkYI9+fQKWhd+rWKQL729Nsfh8cuJPxiXkVBvpRQmW0w9EJOJSKNKALLBaETN
AVfiMbveYrLw7iso104OHi76zBnHcTN+JfnU
=ECQC

-----END PGP PUBLIC KEY BLOCK-----

badtouchyonqysm3.onion Equifax Hack Ransom Request Site

The alleged equifax hackers have declared their ransom with the following website posted on a darknet tor page:

badtouchyonqysm3.onion – As gathered from the tor browser:

 EQUIFAX DATABASE Personally identifying information (included Social Security numbers, birth dates, addresses and driver’s license numbers) of more than 140 million people. More than 200000 credit card numbers.

 

 How can we verify that you have the information? Request a specific part or a specific data from an email that corresponds to Equifax and we will send it to you. We can also accept escrow from an unbiased third party (a hidden market).

 How much? Equifax executives sold 3 million dollars in shares taking advantage of their insider information after the attack. We believe that 600 BTC is a fair amount. Bitcoin If we do not receive the payment, the information will be published here on September 15th 4:00 pm UTC.

Contact Us Page:

 Contact Us Only questions of the managers and employees of Equifax will be answered. We will help you with your security after paying. We may change the email so save our PGP key.

In the source code of the website, it is declared:

 The synthesized database will be published on September 15. Contact me: pasthole@national.shitposting.agency

The ransom request requires Payment of 600 BTC to:

Bitcoin Payment Address 17vkHnkXwYaSRiLipEWNWvNqPvC51ZBswy
Bitcoin Ransom Payment Address

 

The site may be hosted by onionsnjajzkhm5g.onion /  dhosting4okcs22v.onion – a free tor website hosting service. According to their records, the site was added to their list on the morning of September 8th. The smtp servers (email servers) of the badtouch site point to dhosting4okcs22v.onion, but they may be using dhosting only as an email service.

INFO: Found SMTP Banner: 220 dhosting4okcs22v.onion ESMTP Postfix (Debian/GNU)
(f1f8f082294b8cabe944250a081f5e528cd8f251)

onionsnjajzkhm5g.onion Listing
onionsnjajzkhm5g.onion Listing

 

The website seems to be using a template sourced from http://www.omnisourceit.com/nh_web_design_samples/guardian/guardian/

I’ve reached out to OmniSourceIT to see if they can provide further information on who may have downloaded the template.