© 2024 Connecticut Public

FCC Public Inspection Files:
WEDH · WEDN · WEDW · WEDY · WNPR
WPKT · WRLI-FM · WEDW-FM · Public Files Contact
ATSC 3.0 FAQ
Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations

Equifax Help Site Manipulated By Hackers To Push Adware

DAVID GREENE, HOST:

The embattled company Equifax is having even more trouble with hackers. Now the company has had to take down one of its web pages after it was reported to be prompting people to download malicious software. NPR's Chris Arnold has more.

CHRIS ARNOLD, BYLINE: Equifax already admitted that because of sloppy security it allowed the largest theft of Social Security numbers in history. And now its website just got manipulated by hackers again. An independent cybersecurity analyst named Randy Abrams discovered the problem by accident.

RANDY ABRAMS: When I went to the Equifax page, I was looking for my credit report following a logical sequence of clicks. And it was like boom. Another window opens with what I know was malicious.

ARNOLD: A bogus alert popped up asking him to click the download an Adobe Flash software update. But he says it was actually malware that takes control of your web browser. Abrams says his first reaction was...

ABRAMS: You got to be kidding me. After what Equifax went through, to have this happen is just unbelievable. And I had to replicate it to convince myself it really happened. But I did.

ARNOLD: Abrams made a video of it happening and posted that on the Internet. He says the software appears to be designed to hijack your browser to show you unwanted ads. But he says this type of malware can also redirect you to sites to download more malicious code - for example, software that steals credit card numbers when you type them.

ABRAMS: It can point you to a drive-by download, which is going to install, a keystroke logger. Worst case would be ransomware for most people. So the security threat it presents to your computer for future downloads is horrible.

CHRIS HOOFNAGLE: Browser malware is a profound invasion of privacy.

ARNOLD: Chris Hoofnagle is a cyber security and privacy expert at UC Berkeley Law School.

HOOFNAGLE: It can lead to the computer user being spied on all the time or their camera turned on or their microphone turned on without their permission.

ARNOLD: Equifax claims the malicious code on its website came from another company that it hires to do analytics. So technically, that may be the company that got hacked. Still, the end result was that visitors to Equifax's website were prompted to download malware. Hoofnagle says that doesn't look very good for Equifax.

HOOFNAGLE: Shoes keep on dropping.

ARNOLD: And he says that could keep lawmakers focused on passing new regulations.

HOOFNAGLE: Equifax itself must be upset about this. But its competitors, too, must be very nervous because they could be rounded up in the same regulatory swoop.

ARNOLD: Equifax says it removed the malicious code, took the web page offline and is continuing to investigate what happened. Chris Arnold, NPR News.

(SOUNDBITE OF TESK'S "GREEN STAMPS") Transcript provided by NPR, Copyright NPR.

NPR correspondent Chris Arnold is based in Boston. His reports are heard regularly on NPR's award-winning newsmagazines Morning Edition, All Things Considered, and Weekend Edition. He joined NPR in 1996 and was based in San Francisco before moving to Boston in 2001.

Stand up for civility

This news story is funded in large part by Connecticut Public’s Members — listeners, viewers, and readers like you who value fact-based journalism and trustworthy information.

We hope their support inspires you to donate so that we can continue telling stories that inform, educate, and inspire you and your neighbors. As a community-supported public media service, Connecticut Public has relied on donor support for more than 50 years.

Your donation today will allow us to continue this work on your behalf. Give today at any amount and join the 50,000 members who are building a better—and more civil—Connecticut to live, work, and play.