Equifax security breach worse than you thought, cyber-security expert says

News - September 21, 2017

By Ray Hagar
Nevada Newsmakers

The breach of personal information from credit monitor Equifax is much worse than the public probably realizes, a leading cyber security expert said on Nevada Newsmakers Thursday.

"Whatever you've heard about Equifax, it's much worse," said Ira Victor, digital forensic analyst for DiscoveryTechnician.com.

First, Equifax executives knew of the breach months before they first reported it early this month, he said.

Also, the special support web site Equifax set up so customers could see if their personal information (social security number, birth dates and even driver's licenses numbers) has also suffered breaches, Victor said.

The breach on Equifax's support web site has the potential to even be more sinister since it also also asked for the last six digits of your social security number to find out if you were compromised.

"Equifax has set up a site that politicians across the country and in Nevada have told citizens to visit to see if they have been breached and sign up for this Equifax service," Victor said. "That site has terrible data security and I saw it within five minutes after going to that site the day the breach was announced. It is so bad that even if you have slight computer skills, you can see the site has poor security."

Equifax knew of the breach months before it was announced, Victor said.

"They knew for weeks," he said. "It is not like they found out in the morning and threw this (support) web site together. They knew for weeks that they had been breached. And this is part of the worst news that has just come out within the last few days that Equifax, said 'Oops, we thought the intruders were in there in May, but they were there months before.' "

Earlier this week, the Minneapolis Star Tribune reported that Equifax learned about a major breach of its computer systems in March — almost five months before the date it has publicly disclosed.

The revelations of a March breach also will complicate the company’s efforts to explain a series of unusual stock sales by Equifax executives, the Star Tribune reported.

August regulatory filings show senior Equifax executives sold shares worth almost $1.8 million in the month before the breach was announced, making the executives vulnerable to charges of insider trading, according to the Star Tribune.

"We had senior (Equifax) executives that were dumping their shares and they said, 'No, there was no connection to the breach because that (stock sale) was planned before it was discovered," Victor said. "So now that calls into question, what did they know about this in March?"

The U.S. Justice Department has opened a criminal investigation into the stock sales, according the Star Tribune. Equifax has said the executives had no knowledge that a breach had occurred when the transactions were made.

The Equifax breach has impacted 143 million U.S. consumers, according to reports. But it is just one factor in a larger crisis, Victor said.

"What we are seeing with Equifax is the tip of the iceberg -- about how bad the data security system is in our country and around the world," Victor said.

Cyber crime is expected to cost global businesses $8 trillion over the next five years, according to Juniper Research, who clients include IBM, Intel, Verizon and T Mobile.

"This is just like a train wreck, but worse," Victor said.

"The main Equifax website, the one that was always running even before this breach happened, security researchers have looked at that site and found serious security problems," he added.

Victor said he is often asked why can't companies "figure out" cyber security.

"This is the reason why: All these big and small companies have an approach to data security that they have been using for 40 years," Victor said.

"They take a highly insecure system, a Windows computer, a Windows system and routers -- and all of these systems were engineered to be open and inter-operational," Victor said. "Then someone in IT (information technology) says we need to add security over this. So they place these gizmos on top of an insecure system. And when you take a fundamentally insecure system and add more gizmos on top of it, you add complexity. You make the system less secure.

"There was a large breach a few years ago in the state of South Carolina when their entire income tax data was breached," Victor added. "All that data for their state income tax system was made available for cyber criminals.The answer from the political officials was, 'We're buying more firewalls.' So they're buying more gizmos to add on to the insecure system.

"The definition of insanity is that you keep trying the same thing and expect a different result and that is what we are seeing," Victor said.

All data and credit reporting companies "are using the same security model," Victor said.

"They take an in secure system and add on complexity and somehow magically, it is going to be more secure -- but it is less so," he said.

Victor says there are ways for consumers to fight back:

Don't give out personal information so easily: "When a business asks you for your personal identifiable information, stop for a second and say, 'Wait a minute, can't you give me a unique number that is in your data base as my customer number? Why do you need my social security number for me to do business for you?' People need to start pushing back."

Freeze your credit accounts: "Unless you are going out and applying for loans month after month, it does not hurt to do a credit freeze," Victor said. "You can send a letter to Transunion or Equifax and say I want my credit frozen for the next 90 days and they have to do that for free. What people can do is print out a year's worth of those letters and then put them in an envelope and date them. Then you send them out four times a year. When the three months is up, send those letters out again and all it cost is three or four stamps and it is much less expensive than someone getting your information."

Don't be a fool: "You can make a difference, you can actually make it harder for the bad guys to get to you," Victor said. "And if the bad guys don't get to you, they will get to somebody else. And, I'm sorry to say, the person who says they don't care, let them be the one who is compromised."

Read full article

Recent Articles:

Home delivery for marijuana coming to Nevada, maybe marijuana lounges, too, Segerblom says
News - September 18, 2017

"We're doing it right now for medical (marijuana). It works perfect. The police like it. Obviously, you have to verify who is getting it but it is no different than someone going to a store, showing an ID and buying it." State Sen. Tick Segerblom, D-LV, on the possibility of home delivery in Nevada for recreational marijuana

GOP gubernatorial candidate Schwartz won't take money from lobbyists, major political donors
News - September 14, 2017

"The pay-to-play in this state is just out of control and it is funded by lobbyists and it is funded by big donors. Ultimately, we elect these people and the pay-to-play people get what they want from the people we elect." State Treasurer Dan Schwartz, running for governor in 2018

Kihuen's immigrant roots, quest for 'American Dream' push him to seek DACA reform
News - September 13, 2017

"If I've become so engaged in this (DACA) particular issue, it is because I see these young Americans suffering and going through fear, fear of deportation. They are hiding in the shadows. It reminds me of a young Ruben Kihuen when I was in their shoes. These youths are in the same position I was a few years ago." Rep. Ruben Kihuen, U.S. House District 4

Amodei hits back on Berkley's comment that Nevada can't afford 2 medical schools
News - September 12, 2017

"I mean, I don't know why you can only make doctors in one place." Rep. Mark Amodei on the need for two medical schools in Nevada

Titus wants to protect federal information on DACA recipients from immigration authorities
News - September 11, 2017

"They (DACA recipients) tried to do the right thing. They followed the rules and they turned in their information. And this information can be used to go after not only them but also their families, because, now, they (immigration officers) know where they (DACA recipients) live, where to find them and where they work. It's terrible." U.S. Rep. Dina Titus

Heller sees changes to home owners' mortgage-interest deduction in Trump tax plan
News - September 7, 2017

"If you are talking about the average tax payer, I don't believe we can do corporate tax reform without helping the small businesses and the individuals. And the goal from this administration, as they have reiterated time and time again, as we sit at the table, they want you to be able to do your tax form on a large post card. It used to be a post card. Now it is a large postcard. But if they can manage a large post card, I'm all in." Sen. Dean Heller, R-Nv.

Cortez Masto sees DREAM Act as solution to DACA crisis
News - September 6, 2017

"So there is a bill there now, called the DREAM Act, that is bipartisan. It was introduced by (Republican)  Lindsay Graham and (Democrat) Dick Durbin. Both Rs and Ds have signed onto it and this is the answer." Sen. Catherine Cortez Masto, D-Nv

GOP lieutenat governor candidate Roberson pushes 'no-sanctuary-cities' ballot initative
News - August 29, 2017

"I believe I'm going to have widespread support from law enforcement and widespread bipartisan support from Nevadans from all over this state for this ballot initiative. It is very important because we just saw what the Democrats tried to do last session. If they are in a position to do this next session, if there is a Democrat governor and a Democrat Legislature next session, we've got a real problem on our hands." Michael Roberson, GOP lieutenant governor candidate

Washoe Commisioner Jung warns of 'arms race' with City of Reno
News - August 25, 2017

"And having this arms race of needing development to pay for fire (protection), needing to annex that (county land) to take the property tax. It is an arms race and if that not solved, it is very difficult for us to be regional partners." Washoe Commissioner Kitty Jung

Tark smart to stick close to Trump in GOP primary, leading consultant says
News - August 21, 2017

"Danny hasn't exactly picked very winnable races for himself. The only one, I would argue, CD3 the last time around and he came up a percent or two short." Robert Uithoven on the political races of Danny Tarkanian

Giunchigliani ponders gubernatorial run, welcomes Democratic primary with Sisolak
News - August 18, 2017

"I think people in this country and this state are tired of people trying to buy politics. You should not be running for something just because you have a war chest. You should be running for the opportunity to do something, so I think that would differentiate me (from Steve Sisolak)." Clark County Commissioner Chris Giunchigliani

Tarkanian prepares for 'dirty' U.S. Senate primary with Heller; has lawsuit pending with potential general-election opponent
News - August 17, 2017

"First of all, Dean Heller cannot win a general election. He absolutely can't win a general election because he's not going to get a certain amount of the Republican base to vote for him in any circumstances. You saw that happen to Joe Heck in his race. Dean is even worse off than that." U.S. Senate candidate Danny Tarkanian

'Back to the Future' biorefinery draws international attention at Tahoe-Reno Industrial Center
News - August 10, 2017

"It (Fulcrum biorefinery) is very significant and it is being done right in our back yard, the first one in the United States." Bruce Breslow, Nevada's director of the Department of Business and Industry

Reno's Schieve seeks to change mayor's role in 2019 Legislature; says 2014 Supreme Court ruling about term limits 'is wrong'
News - August 3, 2017

"I think people look to the mayor in times of disaster and they want to know that the city is going to be OK. People perceive the mayor as having different power to change things versus a council member. And so, I think that perception is important. It is very important." Reno Mayor Hillary Schieve

Reno mayor says she will run for re-election in 2018 and not pursue statewide office
News - August 3, 2017

"Certainly, it has been a rumor (running for statewide office) and we're going to break it right here on your show: I'm not running for lieutenant governor. I can promise you that ... I love this city and I want to make sure we continue to move forward." Reno Mayor Hillary Schieve

Marilyn York ponders two TV projects about her work as the men's rights divorce lawyer of Reno
News - July 28, 2017

"I wasn't prepared when asked if I thought Cameron Diaz should play me. They expect me to be flattered. I am. She is adorable. If I had a body that looked like that I wouldn't be doing this, let me tell you. But I am not sure she is right. I have better ideas, in my opinion, with my no TV background." Marilyn York, on possible TV show about her

Trump should not be able to pardon himself and should quit ripping on Sessions, Rep. Amodei says
News - July 27, 2017

"Would a governor commute his own sentence? I mean, the self dealing. I mean we've got rules about nepotism, I mean, this is nepotism on steroids. It is total self interest." Rep. Mark Amodei on the possibility of a President pardoning himself.

State Treasurer Schwartz 'virtually certain' he'll run for governor in 2018
News - July 19, 2017

"This to me, makes me even more nervous about the attorney general: If you are in the pocket of the state's richest citizen, what does this suggest for your administration if you're elected governor?" Dan Schwartz, referring to relationship between AG Adam Laxalt and Sheldon Adelson

Next Page Last Page