The other theory, favored by investigators with an intelligence background, focused on intelligence officers working for a foreign nation-state.
As several independent investigations wound down, the experts following the case came to a general consensus that split the middle. The breach probably started with a low-level criminal who exploited a vulnerability in Equifax’s defenses, but was not experienced or capable enough to do more damage by moving further throughout the company. This criminal then sought help via the criminal underground and shared or sold information about the vulnerability. The buyer was probably a proxy for the Russian or Chinese government.
That buyer used far more sophisticated tools and techniques to hack deeper into Equifax’s databases and exfiltrate — an industry term for “steal” that implies moving huge amounts of data undetected — the now-infamous terabytes of consumer credit information.
One former senior intelligence official with direct knowledge of the Equifax investigation summarized the prevailing expert opinion on how the foreign intelligence agency is using the data. (This person asked to speak on the condition of anonymity because he isn’t authorized in his current role to speak to media.)
First, he said, the foreign government is probably combining this information with other stolen data, then analyzing it using artificial intelligence or machine learning to figure out who’s likely to be — or to become — a spy for the U.S. government. He pointed to other data breaches that focused on information that could be useful for identifying spies, such as a 2015 breach of the Office of Personnel Management, which processes the lengthy security clearance applications for U.S. government officials.
Second, credit reporting data provides compromising information that can be used to turn valuable people into agents of a foreign government, influencers or, for lower level employees, data thieves or informants. In particular, the credit information can be used to identify people in key positions who have significant financial problems, and could be compromised by bribes or high-paying jobs, the former official said. Financial distress is one of the most common reasons people commit espionage.
The Equifax data provides information that could identify people who aren’t even in these positions of influence yet, he said, and could be valuable for years to come.