The Self-Proclaimed Equifax Hackers Are Likely Nothing More Than Amateur Scammers
The alleged hackers already got their dark web site and email suspended over suspicions that they’re not really who they claim to be.
On Thursday, credit monitoring firm Equifax revealed hackers had breached its servers, stealing the sensitive, personal information—including social security numbers—of around 143 million Americans. Shortly after the news of the breach became public, someone claimed responsibility for it on the dark web.
"We need to monetize the information as soon as possible," the alleged hackers wrote on an Onion site they set up on the dark web, demanding Equifax pay 600 Bitcoin (around $2.5 million). If Equifax didn't comply, the alleged hackers said they would post all the stolen data (except for credit card numbers) online on September 15.
Over the weekend, however, the already dubious claims of the alleged hackers started to unravel. Security researchers, such as Jonathan Nichols, found that it was easy to partially de-anonymize the alleged hackers' website, revealing the hosting provider and the IP address of their email provider.
As a result, the alleged hackers' website hosting provider suspended the site. Now, instead of the ransom message and their contact information, the site only displays a PSA.
"Yesterday I deleted the site after reading the first mail about it and deciding it was a scam," Daniel Winzen, the owner of Daniel's Hosting, told Motherboard in an online chat.
Before Winzen posted the PSA, the hackers put up a different message on the site, claiming the "feds" had suspended it, according to Winzen.
Read more: More Like Social Insecurity Number, Amirite?
"This spells the end for these Equifax scammers — until next time!," security researcher Chris Monteiro wrote in his blog post.
Over the weekend, the alleged hackers responded to an email from Motherboard declining to do an interview, saying their only intention was to "to solve this issue with EQUIFAX." They also offered to verify their claims by providing the information belonging to three people whose email addresses are "on the list." As far as anyone knows, however, no emails were stolen in the Equifax breach.
Equifax did not immediately respond to a request for comment.
We are unable to confirm, then, whether these are actually the hackers or not, but the security researcher community isn't taking them at their word.
Get six of our favorite Motherboard stories every day by signing up for our newsletter.