AXEL.org

cybercrime

National Technology Day: How Tech has Changed the Way We Live

What was life like twenty years ago? What technology did we use? How did we get work done in 2002? While twenty years may seem like a relatively short period of time, our everyday lives have drastically changed over the past two decades. We went from flip phones to iPhones, from CDs to music and video streaming, from printed-out MapQuest papers to instant GPS directions. In the past twenty years, modern technology has changed nearly every aspect of our lives. 

Because of the incredible technological advances we’ve seen in the past twenty years, AXEL founded National Technology Day, a holiday celebrated every year on January 6th. On National Technology Day, we encourage everyone to reflect on the advances made in business, culture, and entertainment. From maximizing efficiency at the office to sharing your own media online, technology has changed the way we live and will continue to change our lives in the future. While it’s unclear what the world will look like in twenty years, we do know one thing: Technology will continue to innovate.

With that said, here are a few ways how recent technological advances have radically impacted our everyday lives:

How Tech Changed Public Health

Undoubtedly, one of the greatest technological triumphs in public health in the past twenty years has been the widespread use of messenger RNA (mRNA) vaccines. Most COVID-19 vaccines are mRNA vaccines, and with billions of doses administered in one year, these high-tech vaccines have saved countless lives. But how are mRNA vaccines different from traditional vaccines? With an mRNA vaccine, a weakened pathogen isn’t injected into your body like with traditional vaccines. An mRNA vaccine delivers “coded” mRNA to your immune cells, and using that code, your immune cells can produce proteins that are found on the specific pathogen [1].

The development of mRNA vaccines was made possible by technological advances in the pharmaceutical industry. Although they are relatively new today, mRNA vaccines have been studied and theorized for decades. Finally, modern technology caught up with researchers, and a new soldier in the war on infectious diseases was created.

While vaccines have certainly had a massive impact on the world, they aren’t the only way that technology has changed public health. An obvious example is the rise of fitness and health trackers. Today, about one in five Americans use a fitness tracker and corresponding app [2]. With these trackers, users can track their steps taken, calories burned, steps climbed, blood pressure, sleep quality, and dozens of other metrics. While research on their effectiveness has been mixed, fitness trackers give people fun, convenient ways to check on their health [3].

How Tech Changed Education

If the pandemic taught us one thing, it’s that technology allows us to be connected, even when we can’t be physically present together. This was particularly apparent when schools across the world were closed and classes were taught online. Although there are certainly valid criticisms of e-learning, the fact that instruction was able to continue in the midst of a pandemic highlights just how much technology allowed education to evolve. Now, almost every lecture or assignment can be completed online, ensuring that education can continue even after future pandemics or natural disasters.

While e-learning is certainly new, the advancement of technology has always correlated with expanded access to education [4]. Think about it: 500 years ago, the only educational materials were books, and books were only available to the extremely well-off. However, the technological innovation of the printing press made books far more available for middle and lower-class people. Now, thanks to the Internet, there are millions of educational websites and videos available to all. Today, a student can learn calculus or biology from reliable sources on their own time, for free. While some may criticize technology for “dumbing down” our youth, it’s a simple fact: Technological progress leads to greater access to education.

How Tech Changed Business

Even before the pandemic, technology was radically changing the modern office. One of the biggest changes in the past twenty years has been the way employees share information with each other. Although email existed twenty years ago, it was certainly in its infancy, and when files needed to be shared, physical documents were printed off and delivered. Now, most documents are shared electronically, without the need for paper and ink, helping to save businesses time and money. Outside of file-sharing, even the way workers communicate with each other has greatly changed. Today, software applications like Slack make it easy for employees to communicate without anyone being left out of the loop. Technological advances have made office communication digital and instantaneous, making the necessary transition to remote work during the pandemic relatively simple.

Outside of office communication, technology has allowed businesses to increase efficiency in nearly every department. From resumé software to digital marketing, technology has greatly changed the way businesses operate. Unfortunately, this also means that the businesses that haven’t embraced technology are at risk of going under. After all, if your business doesn’t have a digital presence, such as social media or a simple website, it may as well not exist. 

Technology has fundamentally changed the way work gets done in the United States, and it’s not done changing either. In twenty years, Mark Zuckerberg’s vision of the “Metaverse” may become our everyday office. One thing is known: If it can save money, businesses will continue to test and use innovative modern technology.

How Tech Changed Cybersecurity

Twenty years ago, “cybersecurity” was little more than simply having a password. Unfortunately, as technology has progressed, so have cybercriminals. Today, features like encryption, multi-factor authorization, and artificial intelligence are the norm when it comes to cybersecurity. 

It’s no coincidence that the technological advancement of computers and their related technologies is correlated with the number of cybercriminal attacks [5].

In 2002, cybercriminals mostly utilized phishing attacks to make their money. Cybercriminals used fake emails and pop-ups to trick users into divulging their names, addresses, credit card information, or even Social Security numbers. Thankfully, most of these phishing attacks were easy to identify [5]. However, cybercriminals quickly learned even more efficient methods of making money. Today, ransomware is the main tool that cybercriminal organizations use to wreak havoc around the world. Much more efficient than individual phishing emails, ransomware can shut down an entire business, forcing executives to pay millions in order to get their data back. Put simply, as technology has advanced, so too have cybercriminals. It’s an unfortunate fact, but all hope is not lost.

While cybercriminals are taking advantage of modern technology for a quick buck, more savory organizations are also working to prioritize security. Even AXEL is utilizing modern cybersecurity technology in innovative ways to protect users. One of AXEL’s patents, US11159306B2, describes a token identification system that allows users to perform transactions privately, while making the transaction verification public. This technology prioritizes the digital privacy of users, secures the specific aspects of the transaction, and offers public verification. Patents like this are being presented, approved, and utilized every day, creating a more private, secure Internet. So while cybercriminals may be quick to exploit technological flaws, an army of individuals and businesses are ready to fight for digital security.

About AXEL

Technology will continue to advance, and our lives will become more digitized than ever before. That’s why data security and user privacy remain as important as ever. At AXEL we believe that privacy is a human right, and that your information deserves the best protection. That’s why we created AXEL Go. AXEL Go uses military-grade encryption, blockchain technology and decentralized servers to ensure it’s the best file transfer software on the market. Whether you need cloud video storage or cloud file management, AXEL Go is the secure file hosting solution. If you’re ready to try the best file sharing app for PC and mobile devices, try two free weeks of AXEL Go here.

[1] Dolgin, Elie. “The Tangled History of mRNA Vaccines.” Nature News. Nature Publishing Group, September 14, 2021. https://www.nature.com/articles/d41586-021-02483-w

[2] “19% Of Americans Use Wearable Fitness Trackers and MHealth Apps.” Mercom Capital Group, October 13, 2021. https://mercomcapital.com/90-americans-wearable-mhealth-apps/#:~:text=According%20to%20a%20new%20survey,or%20tablet%20app%20(32%25)

[3] Marks, Adam. “Do Exercise Trackers Make You Healthier?” Ace.edu, February 16, 2021. https://www.ace.edu/blog/post/2021/02/16/do-exercise-trackers-make-you-healthier

[4] “How Has Technology Changed Education?” Purdue University Online.. https://online.purdue.edu/blog/education/how-has-technology-changed-education

[5] Acharjee, Sauvik. “The Evolution of Cybercrime: An Easy Guide (2021).” Jigsaw Academy, February 13, 2021. https://www.jigsawacademy.com/blogs/cyber-security/evolution-of-cybercrime/

The World’s Top Hacking Groups – Part 2

In Part 1 of AXEL’s feature on the world’s top hacking groups, we featured some of the leading cultivators of chaos in the world. From state-sponsored groups like Bureau 121 to leaderless hacktivist organizations like Anonymous, no two hacking groups are the same. Each organization has different personnel, goals, and methods of achieving those goals, with some more successful than others. In a way, these criminal syndicates are extremely similar to traditional businesses: If you’re financially successful, your group will flourish. If you struggle to make steady income, you’ll lose employees and, eventually, your entire company.

However, just as it is in the business world, there are some hacking groups that are seemingly too big to fail. Typically, these groups are state-sponsored, and receive oodles of cash for security purposes. While these state-sponsored groups may rarely grab headlines, these are the syndicates that truly hold the most power. After all, an independent hacker group can be taken down with a thorough investigation. A hacker group supported by a powerful nation is extremely unlikely to ever face investigations or oversight from other nations.

These four groups represent some of the most powerful hacking organizations in the world:

Cozy Bear

Cozy Bear is yet another Russian state-sponsored hacking group that focuses on attacking Western governments and media [1]. This group, however, seemingly has an intense focus on the United States. In 2014, the group hacked the State Department and the White House’s email systems, and in 2020, breached the Commerce and Treasury departments [2]. As part of Russia’s foreign intelligence service, Cozy Bear, along with sibling hacking group Fancy Bear, hacked into the Democratic National Committee (DNC) in 2016. Oddly enough, Cozy Bear and Fancy Bear were unaware of each other’s activities, and both independently hacked the political committee [3].

Although Cozy Bear and Fancy Bear both breached the DNC’s servers in 2016, Cozy Bear’s latest actions show that these hacks aren’t done for partisan purposes. In July 2021, the group breached the servers of the Republican National Committee (RNC) [4]. Ultimately this highlights Russia’s main strategy regarding cyberwarfare. The goal isn’t to make sure a certain candidate wins; it’s to undermine faith in the electoral process, thus lowering confidence in the nation itself. While Russia may have a preferred candidate every four years, it’s cybersecurity actions show a clear, nonpartisan strategy to simply embarrass the United States and decrease faith in its political processes. And Cozy Bear is just one of many groups Russia uses to further this goal.

REvil

One of the newest hacking groups in the world is also one of the most notorious. REvil is a private Russian group that makes millions from its ransomware attacks on businesses. The group initially gained attention in May 2020, when it hacked an entertainment-focused law firm and stole a number of files from the firm. REvil threatened then-President Donald Trump to release compromising documents unless the group received a massive USD $42 million ransom [5]. However, cybersecurity researchers quickly believed that this was a bluff, and no compromising documents were ever released by REvil [6].

Unfortunately, REvil’s initial failure did not deter the group. In 2021, the group was responsible for two massive cyberattacks. First, in May 2021, REvil breached JBS Foods, the world’s largest beef producer. This attack forced the company to shut down some of its food processing plants, threatening a potential beef shortage. However, just one day after the initial attack, JBS paid a USD $11 million ransom to REvil to decrypt its servers [7]. While the quick payment ensured there would be no major shortages, it showed how desperate businesses can be if hit with a devastating ransomware attack. Just a month later, REvil attacked Kaseya, a networks, systems, and IT software company. This attack shut down Kaseya’s main software, ultimately affecting up to 1,500 businesses worldwide. The impacts of this attack were felt worldwide, with a Swedish grocery store chain closed because of inoperable cash registers, and New Zealand schools being taken offline [8].

Thankfully, in October 2021, REvil itself was forced offline by a multi-country operation led by the United States [9]. While this doesn’t mean REvil will never pop up again, the crackdown on ransomware shows that even the most notorious private hacking groups can be stopped.

Chinese Cyber Operations

While not much is known about China’s cyber operations, we do know that their attacks have been effective. In 2010, China was the culprit behind Operation Aurora, an advanced, highly-sophisticated attack on dozens of American companies, including Google and Adobe [10]. In the attack, China stole intellectual property, along with access to the Gmail accounts of two high-profile human rights activists.

Following this complex cyberattack, China was accused of executing one of the worst cyberattacks of all time: The Equifax data breach. In February 2020, the United States charged four members of China’s People’s Liberation Army with the 2017 hack that leaked personal information of over 150 million Americans [11]. While the United States has no way of extraditing the four soldiers for trial, this claim highlighted the sheer power of state cyber operations groups. The Equifax hack had a profound effect on everyday Americans, and caused concern that extremely effective and damaging cyberattacks could become commonplace in the future.

In the present, China’s cyber operations have expanded. This escalation is fueled by the desire for more intelligence, particularly from the United States amid rising tensions between the two global superpowers [12]. In fact, Western governments have accused China of hacking into Microsoft’s Exchange company server. This hack affected about 250,000 organizations worldwide, allowing Chinese hackers to pilfer through company emails for intelligence. While this hack was not nearly as impactful as the Equifax breach, it highlights China’s renewed focus on gathering massive amounts of intelligence on the United States and other Western nations.

NSA Tailored Access Operations

While many of the world’s top hacking groups operate far from North America, the world’s most powerful group is undoubtedly within American borders. The National Security Administration’s (NSA) Tailored Access Operations group gathers intelligence from foreign targets by hacking into devices, stealing data, and monitoring communications. Additionally, the group develops software that can destroy a foreign target’s computer and networks [13]. The group is responsible for developing malware that targeted Iran’s nuclear program, along with regularly breaching Chinese computer networks for gathering intelligence.

The United States’ targeted surveillance capabilities should come as no surprise. After all, the NSA is well-known for its mass surveillance techniques. Tailored Access Operations is relatively similar to other state cyber operations groups: It uses targeted surveillance to gather intelligence, and uses sophisticated malware to attack its targets. Of course, because it’s the NSA, there is the possibility that the group has even more publicly unknown high-tech resources for cyberattacks. While Tailored Access Operations works in the shadows, the strength of the NSA, and the United States in general, make this group the most powerful hackers in the world.

About AXEL

Some of these powerful hacking groups will, unfortunately, continue to wreak havoc in 2022. That’s why data security and user privacy remain as important as ever. At AXEL we believe that privacy is a human right, and that your information deserves the best protection. That’s why we created AXEL Go. AXEL Go uses 256-bit encryption, blockchain technology and decentralized servers to ensure it’s the best file transfer software on the market. Whether you need cloud video storage or cloud file management, AXEL Go is the secure file hosting solution. If you’re ready to try the best file sharing app for PC and mobile devices, try two free weeks of AXEL Go here.

[1] Meyer, Josh. “Cozy Bear Explained: What You Need to Know about the Russian Hacks.” NBCNews.com. NBCUniversal News Group, September 15, 2016. https://www.nbcnews.com/storyline/hacking-in-america/cozy-bear-explained-what-you-need-know-about-russian-hacks-n648541

[2] Nakashima, Ellen, and Craig Timberg. “Russian Government Hackers Are behind a Broad Espionage Campaign That Has Compromised U.S. Agencies, Including Treasury and Commerce.” The Washington Post. WP Company, December 14, 2020. https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html 

[3] “Bear on Bear.” The Economist. The Economist Newspaper, September 22, 2016. https://www.economist.com/united-states/2016/09/22/bear-on-bear

[4] Turton, William, and Jennifer Jacobs. “Russia ‘Cozy Bear’ Breached GOP as Ransomware Attack Hit.” Bloomberg.com. Bloomberg, July 6, 2021. https://www.bloomberg.com/news/articles/2021-07-06/russian-state-hackers-breached-republican-national-committee

[5] Collier, Kevin, and Diana Dasrath. “Criminal Group That Hacked Law Firm Threatens to Release Trump Documents.” NBCNews.com. NBCUniversal News Group, May 16, 2020. https://www.nbcnews.com/tech/security/criminal-group-hacked-law-firm-threatens-release-trump-documents-n1208366

[6] Vanian, Jonathan. “Everything to Know about Revil, the Group behind Several Devastating Ransomware Attacks.” Fortune. Fortune, July 8, 2021. https://fortune.com/2021/07/07/what-is-revil-ransomware-attack-kaseya/

[7] Abrams, Lawrence. “JBS Paid $11 Million to REvil Ransomware, $22.5m First Demanded.” BleepingComputer. BleepingComputer, June 10, 2021. https://www.bleepingcomputer.com/news/security/jbs-paid-11-million-to-revil-ransomware-225m-first-demanded/

[8] Satter, Raphael. “Up to 1,500 Businesses Affected by Ransomware Attack, U.S. Firm’s CEO Says.” Reuters. Thomson Reuters, July 6, 2021. https://www.reuters.com/technology/hackers-demand-70-million-liberate-data-held-by-companies-hit-mass-cyberattack-2021-07-05/

[9] Bing, Christopher, and Joseph Menn. “Exclusive Governments Turn Tables on Ransomware Gang Revil by Pushing It Offline.” Reuters. Thomson Reuters, October 21, 2021. https://www.reuters.com/technology/exclusive-governments-turn-tables-ransomware-gang-revil-by-pushing-it-offline-2021-10-21/

[10] Zetter, Kim. “Google Hack Attack Was Ultra Sophisticated, New Details Show.” Wired. Conde Nast, January 15, 2010. https://www.wired.com/2010/01/operation-aurora/

[11] Perez, Evan, and Zachary Cohen. “US Charges 4 Members of Chinese Military with Equifax Hack.” CNN. Cable News Network, February 11, 2020. https://www.cnn.com/2020/02/10/politics/equifax-chinese-military-justice-department/index.html

[12] Sabbagh, Dan. “Experts Say China’s Low-Level Cyberwar Is Becoming Severe Threat.” The Guardian. Guardian News and Media, September 23, 2021. https://www.theguardian.com/world/2021/sep/23/experts-china-low-level-cyber-war-severe-threat

[13] Peterson, Andrea. “The NSA Has Its Own Team of Elite Hackers.” The Washington Post. WP Company, August 29, 2013. https://www.washingtonpost.com/news/the-switch/wp/2013/08/29/the-nsa-has-its-own-team-of-elite-hackers/

Devastating Data Breaches – Part 4: How Target Changed Credit Cards

In 2013, data breaches were common, but didn’t particularly weigh heavily in the public consciousness. While major data breaches had certainly occurred by that point, these breaches tended to affect less personal businesses. After all, Americans weren’t going into Yahoo or Equifax every week for grocery shopping. Data breaches tended to affect corporations that most people only interacted with online. Therefore, when a data breach occurred, it didn’t feel as personal. Combined with the equally impersonal picture of shadowy hackers stealing data from continents away, data breaches weren’t seen as a massive issue to the general population, but as an online nuisance.

Unfortunately, that mindset soon changed. In late 2013, in the middle of the holiday shopping season, Target fell victim to a data breach, with over 70 million people’s financial information becoming compromised [1]. While 70 million may sound paltry compared to Yahoo’s 3 billion leaked accounts, the damage to those 70 million victims was much more severe. Ultimately, this hack put data breaches on the mind of everyday citizens. After all, these hackers didn’t target a shadowy Internet business that only a few hundred people have physically been to. This hack targeted a popular chain of stores where millions of people shop every week.

In honor of Cybersecurity Awareness Month, AXEL is writing about some of the worst leaks, data breaches, and ransomware attacks in history. Follow along all October long to learn about what went wrong, what could’ve been done, and how companies responded to devastating data breaches.

The Breach

In September 2013, the cybercriminals responsible for the attack began their strike on the popular retail chain. However, the hackers’ plans did not involve attacking Target directly, at least not yet. The cybercriminals targeted Fazio Mechanical Services, a contractor that provided Target with heating and air conditioning [2]. From Fazio and its approved credentials, the hackers then accessed Target’s network and quickly found access to Target’s point-of-sale (POS) systems. From there, the attackers installed malware that recorded credit card data. Finally, the hackers encrypted the credit card data and exfiltrated it right under Target’s nose.

Target became aware of a potential breach on November 30, when a Target security operations center in India recorded potentially malicious activity [1]. That activity was shared with the Target corporate office in Minneapolis, but no action was taken. Again, on December 2, malicious activity was found and reported, but no action was taken by the corporate office. Finally, on December 12, the US Department of Justice contacted Target about a potential data breach, and an investigation began [1]. One week later, Target publicly revealed the data breach.

All in all, over 70 million customer records and 40 million payment card credentials were stolen in the hack [3]. This information was put up for sale on the dark web, where any variety of cybercriminals could pay for the stolen financial data. The data breach not only included debit and credit card numbers, but PIN numbers as well, putting affected customers at a large financial risk. Overall, while 70 million victims may pale in comparison to other data breaches, the breach’s effect on those victims was enormous. 

The Fallout

In the years following the data breach, Target paid over USD $200 million in costs related to the hack [4]. Target could have paid much more, but the company had a cybersecurity insurance policy that covered about USD $90 million of the total cost [1]. Additionally, Target agreed to a settlement of USD $18.5 million to 47 state governments for further compensation to victims [4]. As part of the settlement, Target agreed to tighten its security measures, along with promising to separate its cardholder data from the rest of its computer network. Additionally, Target’s CEO, Gregg Steinhafel, resigned in May 2014, in the aftermath of the attack [4]. Although the breach certainly did not put Target out of business, it had a profound effect on the company’s financial security, along with consumer trust in the company.

To this day, just one person has been charged in connection to the attack. In 2018, a Latvian computer programmer named Ruslan Bondars was sentenced to 14 years in prison for creating a program that helped cybercriminals, including the perpetrators behind the Target attack, improve malware [5]. However, Bondars was not immediately connected to the attack. Cybersecurity experts hypothesize that Andrey Hodirevsky, a Ukrainian programmer who specializes in selling stolen financial information, was the mastermind behind the attack [5]. However, Hodirevsky has never been charged with the crime.

Finally, the Target data breach affected not only the victims, but spearheaded a massive change in credit card usage as well. Following the breach, Target was one of the first companies to offer credit cards with embedded microchips, which provides better security than the traditional magnetic swipe [3]. So while the Target attack affected millions of victims, it also helped encourage the necessary transition from magnetic swipes to chip cards.

Overall, the Target data breach highlights the importance of communications, especially when it comes to cybersecurity incidents. Had Target taken action earlier, the effects of the data breach could have been mitigated or even eliminated. Unfortunately, in the time it took for Target to realize something was wrong, the damage had already been done. Thankfully, Target quickly identified and eliminated the malware, and also ushered in the era of microchipped cards. 

Keep Your Data Secure with AXEL Go

AXEL Go is a secure file-sharing and storage software that puts you back in control of your data. From military-grade encryption to blockchain technology, AXEL offers the most stringent security for your most important files. If you’re ready to take back control of your data, try two weeks of AXEL Go for free here. To read more about AXEL Go, click here.

[1] Plachkinova, Miloslava, and Chris Maurer. “Teaching Case Security Breach at Target.” Journal of Information Systems Education 29, no. 1 (March 21, 2018). https://jise.org/Volume29/n1/JISEv29n1p11.pdf.

[2] Shu, Xiaokui, Ke Tian, Andrew Ciambrone, and Danfeng Yao. “Breaking the Target: An Analysis of Target Data Breach and Lessons Learned.” January 18, 2017. https://arxiv.org/pdf/1701.04940.pdf.

[3] Myers, Lysa. “Target Targeted: Five Years on from a Breach That Shook the Cybersecurity Industry.” WeLiveSecurity. December 13, 2018. https://www.welivesecurity.com/2018/12/18/target-targeted-five-years-breach-shook-cybersecurity/.

[4] Abrams, Rachel. “Target to Pay $18.5 Million to 47 States in Security Breach Settlement.” The New York Times. May 23, 2017. https://www.nytimes.com/2017/05/23/business/target-security-breach-settlement.html.

[5] Weiner, Rachel. “Hacker Linked to Target Data Breach Gets 14 Years in Prison.” The Washington Post. September 21, 2018. https://www.washingtonpost.com/local/public-safety/hacker-linked-to-target-data-breach-gets-14-years-in-prison/2018/09/21/839fd6b0-bd17-11e8-b7d2-0773aa1e33da_story.html.

Devastating Data Breaches – Part 3: The Negligence of Equifax

Data breaches, in the traditional sense, have existed for centuries. Although we think of data breaches as a relatively new phenomenon due to the sheer prevalence of attacks we see today, data breaches have been causing headaches to businesses and consumers for a long, long time. Of course, before computers, a data breach meant the exposing of physical papers with confidential information on them. Before the Internet, the amount of damage that could be done was limited by the physical amount of data you could steal. After all, there’s only a finite amount of confidential papers a criminal can sneakily fit in a briefcase. Because of this, the amount of damage done by data breaches was limited.

However, once Internet usage became widespread, the potential damage of a data breach skyrocketed. Millions of consumer records could be stored digitally, ripe for the picking for any cybercriminal with enough knowledge and skill. Ultimately, the Internet ushered in the great data breach boom. And no case is more symbolic of this new trend than the Equifax data breach of 2017.

In honor of Cybersecurity Awareness Month, AXEL is writing about some of the worst leaks, data breaches, and ransomware attacks in history. Follow along all October long to learn about what went wrong, what could’ve been done, and how companies responded to devastating data breaches.

Equifax’s Lax Security

Equifax, one of the three major credit bureaus in the United States, has held mountains of information on millions of Americans for decades. Of course, recording and analyzing this personal information is what a credit bureau does, and their existence is necessary in today’s world. However, because of the sheer amount of information that credit bureaus have, they also hold more responsibilities than most other businesses. Specifically, these businesses have increased responsibility for protecting data and preventing cybercrime. Unfortunately, Equifax reneged on this responsibility in 2017.

On March 7, 2017, Apache Struts, a software program that Equifax and thousands of other companies used, announced a security vulnerability in the software, and immediately sent an update to Equifax to patch the security hole [1]. For reasons unknown, the software was never updated by Equifax, creating a massive security vulnerability. Just a week later, Equifax ran a scan for unpatched systems, but the Apache Struts security hole was not flagged [1]. Ultimately, these two errors put Equifax’s data at massive risk, as the software’s security flaw was publicly known. Just a few days after Equifax’s initial error, the risk became realized.

The Breach

On March 10, 2017, the perpetrators first gained access to Equifax’s servers. However, the cybercriminals did not do much for the next few months, likely to evade detection by Equifax IT. However, by May, the hackers began their attack [2]. For the next two months, the hackers gained access to multiple Equifax databases, They then encrypted this data, and extracted it right under Equifax’s nose. Not long after, the perpetrators were in control of millions of Social Security numbers, birth dates, names, driver’s license numbers, and credit card numbers. After months of investigations, it was determined that the cybercriminals made away with the vital personal information of over 140 million people [3].

To make matters worse, Equifax could’ve had one last line of defense when the hackers were extracting the encrypted data. Most companies receive notifications when a large amount of encrypted data is exfiltrated. However, in another cybersecurity blunder by Equifax, the company failed to renew a vital security service that inspects encrypted data traffic [1]. Because of this, the hackers made away with the data with no detection.

The Response

In August 2017, Equifax became aware of the cybersecurity incident, but did not reveal the attack to the public until September [1]. While Equifax attempted to provide resources to those affected, even the company’s response to the attack was widely panned. For example, Equifax’s social media team directed affected consumers to incorrect web pages on multiple occasions [1]. Even worse, it was revealed that multiple Equifax executives sold USD $1.8 million in Equifax stock following the company’s discovery of the attack, but before it was publicly announced [4]. One executive, Equifax’s Chief Information Officer, was eventually convicted of insider trading related to the attack [5]. Simply put, Equifax’s response to the crisis was woefully inept, and the affected consumers were furious. Eventually, this frustration resulted in litigation.

In the following years, a class-action lawsuit was filed on behalf of the affected consumers, and Equifax’s penalty was steep. In July 2019, Equifax agreed to settle the case, paying USD $1.38 billion to resolve consumer complaints, and USD $380.5 million to those who were harmed by the breach [6]. While those numbers are large, the large number of victims meant that the maximum payout was only USD $125 [1]. Additionally, Equifax was required to provide free credit monitoring to all those affected by the breach.

For months, investigators waited for the stolen data to appear on the dark web to be sold to spammers and scammers. However, the stolen personal information never appeared. Ultimately, this led to the belief that state-sponsored actors were behind the attack. This meant the purpose of the attack was not to make money, but for espionage. For years, it was unknown who was behind the breach. However, in 2020, the United States Department of Justice abruptly charged four Chinese military members with the attack [1]. While the four potential perpetrators are unlikely to ever be extradited to stand trial, these charges at least provide a theory of who was behind this massive data breach.

Protect Your Data with AXEL Go

AXEL is committed to protecting your data from scammers, spammers, and cybercriminals. And the best way to fight against cyberattacks is to be prepared. That’s why AXEL Go, AXEL’s secure file-storage application, uses military-grade encryption and blockchain technology to safeguard your data. To try out AXEL Go’s unparalleled data security, sign up for a two-week free trial here

[1] Fruhlinger, Josh. “Equifax Data Breach FAQ: What Happened, Who Was Affected, What Was the Impact?” CSO Online. February 12, 2020. https://www.csoonline.com/article/3444488/equifax-data-breach-faq-what-happened-who-was-affected-what-was-the-impact.html.

[2] Riley, Michael, Jordan Robertson, and Anita Sharpe. “The Equifax Hack Has the Hallmarks of State-Sponsored Pros.” Bloomberg.com. September 29, 2017. https://www.bloomberg.com/news/features/2017-09-29/the-equifax-hack-has-all-the-hallmarks-of-state-sponsored-pros.

[3] Leonhardt, Megan. “Equifax to Pay $700 Million for Massive Data Breach. Here’s What You Need to Know about Getting a Cut.” CNBC. July 23, 2019. https://www.cnbc.com/2019/07/22/what-you-need-to-know-equifax-data-breach-700-million-settlement.html.

[4] Hudson, Phil. “Equifax Gets Blasted for Cybersecurity Hack on Social Media.” Bizjournals.com. September 8, 2017. https://www.bizjournals.com/atlanta/news/2017/09/08/equifax-gets-blasted-for-cybersecurity-hack-on.html.

[5] Liptak, Andrew. “Former Equifax Executive Sentenced to Prison for Insider Trading Prior to Data Breach.” The Verge. June 29, 2019. https://www.theverge.com/2019/6/29/20056655/jun-ying-equifax-breach-jail-time-insider-trading-department-of-justice.

[6] Brumfield, Cynthia. “Equifax’s Data Breach Disaster: Will It Change Executive Attitudes toward Security?” CSO Online. July 24, 2019.  https://www.csoonline.com/article/3411139/equifax-s-billion-dollar-data-breach-disaster-will-it-change-executive-attitudes-toward-security.html.

Data Breaches are Here to Stay (For the Unprepared)

On August 18, T-Mobile announced that a recent data breach has affected over 40 million customers. Thankfully, it appears that no financial information was leaked. However, in a statement, T-Mobile stated “While our investigation is still underway and we continue to learn additional details, we have now been able to confirm that the data stolen from our systems did include some personal information.” Those responsible for the breach targeted T-Mobile credit applications, putting names, phone numbers and social security numbers at risk [1].

This massive data leak is just one of many that have occurred in recent years. From banks to superstores, data breaches have affected businesses in every industry, putting customers at risk. With this never-ending barrage of data breaches occurring, it’s fair to ask: When will they stop?

Well, we simply don’t know. If businesses continue to neglect cybersecurity, data breaches will remain common and catastrophic. However, there are ways to minimize this risk. Simply taking the time to protect your data is the key to preventing these massive, costly data breaches. After all, protecting your data is a lot easier than dealing with a massive data breach. Just ask Equifax.

The Equifax Data Breach

In 2017, Equifax, a consumer credit reporting agency, fell victim to a massive cyberattack and data breach. In the attack, over 160 million customers’ personal information was leaked, including names, phone numbers, social security numbers, driver’s license numbers and more [2].

In addition to the massive security breach, Equifax’s response to the attack was criticized as well. Although Equifax learned of the attack in July 2017, it was not announced publicly until September 2017. Additionally, Equifax social media directed customers to unofficial sites not owned by Equifax, putting clients further at risk of phishing attacks [3]. Put simply, the Equifax data breach showed what a business should not do in the event of a data breach. From poor communication to a lackadaisical response to the sheer scale of the breach, Equifax was largely unprepared for the breach and its consequences.

But how did the breach occur? While some data breaches can be the consequence of an honest mistake, this was anything but. Equifax was targeted because of its refusal to update its security software. In March 2017, an update for Equifax’s security software was released, but the update was not immediately installed. Quickly, cybercriminals realized there was a security hole in the older version of the software. Then, in May 2017, cybercriminals found that Equifax’s dispute portal still used the flawed security software. They gained access to documents that contained customers’ personal information, and slowly extracted the data over 76 days to avoid detection. As the attackers continued to extract the data, Equifax learned of the breach on July 29, and quickly shut off access. However, by the time Equifax cut off access to the criminals, the damage had already been done.

Why do Criminals Want Your Data?

While data breaches can be catastrophic to consumers, they can lead to big paydays for hackers. For the T-Mobile breach, the release of phone numbers can lead to increased phishing attempts among victims. And because the criminals have access to each phone number’s accompanying name, they can craft a much more convincing phishing text message. If customers fall for the trick, it puts the rest of their data, including financial information, at risk.

If cybercriminals gain access to financial information in a data breach, the consequences can be even more severe. Using this financial information, the hackers (or those who buy the data from the hackers) can open new credit lines, receive loans, or file false tax returns. And because these financial agreements are under your name, you could be on the hook for paying it back.

How do Data Breaches Happen?

While the cause of T-Mobile’s breach is not immediately apparent, Equifax’s cause certainly is clear: Negligence of cybersecurity. Treating cybersecurity as an afterthought is the main cause of many data breaches. Attackers often use phishing techniques and malware in order to gain access to valuable data. For example, when Target was the victim of a data breach in 2013, the attackers stole credentials and installed malware to Target’s software to extract names and credit card numbers [4]

In addition to outside cybercriminals, insider attacks pose a threat to businesses as well. In fact, employee error is the main cause of most data breaches [5]. While most of these breaches are small and have few negative consequences, it shows that outside actors are not the only cybersecurity risk. 47% of business leaders say that human error has caused a data breach in their organization. From losing a device to unintentionally sending confidential emails, internal data breaches certainly pose a threat. Thankfully, there are ways to minimize this risk.

How to Minimize the Risk of a Data Breach

One of the best ways for businesses to prevent a data breach is to encrypt confidential files. With strong encryption, files are unintelligible to unauthorized attackers, making your data useless to cybercriminals. So even if attackers gain access to your documents, encryption blocks the attackers from understanding the data. This ensures that your documents are usable for you, but worthless to criminals.

For individuals, there are easy strategies to minimize harm if your data is leaked. One easy technique to protect yourself is to use different passwords for different accounts. If you use the same password for all of your accounts, just one leak can make all of your accounts at risk. Therefore, it’s important to use different passwords for all your online accounts to ensure one leaked password doesn’t compromise all of your accounts. Additionally, simply checking your credit card history and credit reports can help stop identity theft after a data breach. If you catch fraud early, it can be stopped. Simply using these two techniques can help minimize the damage of a data breach if your information is compromised.

AXEL Offers Unparalleled Protection

AXEL believes that privacy is a human right. With this in mind, we created AXEL Go, a secure file-sharing and storage software. Offering industry-leading encryption and decentralized blockchain technology, AXEL Go is the best way to protect yourself or your business from unauthorized cybercriminals. Put simply, personal information deserves the best protection. If you’re ready to try the best protection, get two free weeks of AXEL Go here

[1] Schwartz, Mathew J., and Ron Ross. “T-Mobile: Attackers Stole 8.6 Million Customers’ Details.” Data Breach Today. August 18, 2021. https://www.databreachtoday.com/t-mobile-attackers-stole-86-million-customers-details-a-17314?rf=2021-08-19_ENEWS_ACQ_DBT__Slot1_ART17314&mkt_tok=MDUxLVpYSS0yMzcAAAF-_hUkPD9ryUOmFe0rRKxJ3eQA_mnHG9wpo_qAsffgZRgbqIV4FLolYFKr0A7f0CcMmHSwwy3ta4adyJhcjljmHueKFGYuyCT0ezu_kdFj7GYGdCBegA.

[2] Ng, Alfred. “How the Equifax Hack Happened, and What Still Needs to Be Done.” CNET. September 07, 2018. https://www.cnet.com/tech/services-and-software/equifaxs-hack-one-year-later-a-look-back-at-how-it-happened-and-whats-changed/.

[3] Morse, Jack. “Equifax Has Been Directing Victims to a Fake Phishing Site for Weeks.” Mashable. June 10, 2021. https://mashable.com/article/equifax-twitter-phishing-site-facepalm

[4] McCoy, Kevin. “Target to Pay $18.5M for 2013 Data Breach That Affected 41 Million Consumers.” USA Today. May 23, 2017. https://www.usatoday.com/story/money/2017/05/23/target-pay-185m-2013-data-breach-affected-consumers/102063932/.

[5] Reinicke, Carmen. “The Biggest Cybersecurity Risk to US Businesses Is Employee Negligence, Study Says.” CNBC. June 21, 2018. https://www.cnbc.com/2018/06/21/the-biggest-cybersecurity-risk-to-us-businesses-is-employee-negligence-study-says.html.

Shady Schemes and Sinful Scams: The History of Internet Spam

Ever since the infancy of the Internet, spam has caused headaches for those that encounter it. Whether it be old-fashioned email spam or a modern phishing attempt through social media, we all have to deal with annoying, dangerous spam. Thankfully, tech companies have found ways to minimize the amount of spam we see, with spam folders and CAPTCHA tests becoming prevalent across the Internet. However, even with these security measures, spam still sometimes gets through, putting businesses and individuals at risk.

Early Days of Spam

The first recorded instance of “spam” actually occurred well before the invention of the Internet. In 1864, British politicians received a knock on the door, along with a telegram message; the politicians were terrified a war had broken out. But when they received the telegram, it did not tell of war or death, but an advertisement for a local dentistry. The politicians were understandably irritated and told the press about this occurrence, further amplifying the dentistry’s message as well [1]. Ultimately, this story shows how annoying (yet successful) spam messages can be. And when the Internet broke into the mainstream in the 1990s, pranksters and cybercriminals set their sights on the new, burgeoning medium.

As Internet use became more widespread, emails became the main target for spammers. In fact, in 2008, spam was so prevalent, it constituted 92.6% of all emails sent [2]. Although email was quickly becoming a valuable tool at home and the workplace, spam still made up the vast majority of all emails sent. Thankfully, in 2019, that number dropped to 28.5%. However, that number shows how spammers have simply found new, more successful ways to inundate users with ads and scams.

Unfortunately, many spam emails became more than annoying advertisements and sought to harm users as well. These scam emails seek to trick the receiver, typically by masquerading as another person. A well-known example is the “Nigerian prince” phishing scam, where the scammer promises a large sum of money in exchange for a smaller, upfront payment by the receiver. However, when the receiver makes the payment, the scammer does not fulfill their promise, making away with the upfront payment. While the success rate of this scam is low, it worked often enough to become profitable to scammers.

Modern-Day Scams and Spam

Now, spammers have diversified their targets, attacking people with more advanced social media and email scams. One prevalent example is a phishing scam that seeks access to personal Facebook accounts. In this scheme, scammers typically send a vague message with a link. When the user clicks the link, they see what appears to be a Facebook login page, but is actually a webpage masquerading as Facebook. Unsuspecting users then log in to the fake page, unknowingly giving their login information to the scammers. The crooks then have control of the account, then often post ads and try to trick the account’s friends with the same scheme.

Other modern scams use similar techniques, where the scammer typically disguises their email as an official work email. One example of this is CEO Fraud, where scammers, who pretend to be the CEO of the company, email lower-level employees at a business. The emails, typically written with an urgent tone, instruct employees to wire money to an account connected to the scammer. And while most employees don’t fall for this trick, the small amount that do lead to big paydays for scammers.

In addition, with the rise of cryptocurrencies and their decentralized, anonymous nature, crypto scams have become more prevalent as well. The most prominent example of this occurred in 2020, when 45 popular Twitter accounts were hacked, including Barack Obama, Bill Gates and Kim Kardashian. The accounts Tweeted identical messages, promising to double the value of Bitcoin that users send to a cryptocurrency wallet. While the Tweets were quickly taken down, the scammers still received over $100,000 in Bitcoin from users in that short period [3].

Tips to Avoid Scams

While many tips to avoid Internet scams may seem like common sense, it’s still important to review ways to protect yourself. After all, spam and scams are still evolving; we don’t know how these criminals will target their victims in a few years. So it’s crucial to stay informed on ways to protect yourself from these scammers.

Don’t click on anything from unknown accounts

This is the main way scammers can hack into your account and post spam. Just one click can give access to your entire account to the scammers. Only click on links from accounts and people you trust. If someone messaged you, and you’re not sure who it is, never click a link.

Check the email address

While this may sound obvious, double-checking emails can save you or your company from chaos. Scammers can make their emails look incredibly similar to official work emails; the only difference being a slightly different email address. For example, an email from help@google.com is safe. An email from help@google-admin.com is not safe. Before clicking a link, always double-check the email address to make sure it’s from the official site.

If it sounds too good to be true, it probably is

If you receive a message promising to double your money quickly, it is almost certainly a scam. Any message that promises thousand-dollar gift cards or free iPads simply wants your information to pile you with spam. Unless you’ve entered a sweepstakes, any message saying you’ve won something valuable is almost certainly fake.

AXEL’s Efforts to Can Spam

AXEL is committed to protecting your data, including protection from scammers, spammers, and cybercriminals. That’s why AXEL Go uses industry-leading data encryption, blockchain technology, and digital “shredding” to protect your data. As scammers evolve their practices, so does AXEL. For example, AXEL Go uses a system of decentralized servers to transfer your documents. So even if hackers gained access to a server, your files are still safe and uncompromised. To try out AXEL Go’s unparalleled data security, sign up for a two-week free trial here

[1] “Getting the Message, at Last.” The Economist. December 15, 2007. https://www.economist.com/node/10286400/print?story_id=10286400.

[2] Johnson, Joseph. “Spam E-mail Traffic Share 2019.” Statista. January 25, 2021. https://www.statista.com/statistics/420400/spam-email-traffic-share-annual/.


[3] Iyengar, Rishi. “Twitter Blames ‘coordinated’ Attack on Its Systems for Hack of Joe Biden, Barack Obama, Bill Gates and Others.” CNN. July 16, 2020. https://www.cnn.com/2020/07/15/tech/twitter-hack-elon-musk-bill-gates/index.html.