How the Massive Equifax Data Breach Happened

SciShow is supported by Brilliant.org - a problem-solving website that teaches you how to think like a scientist.

Another week, another news story about a massive data breach. But this time, the company involved is one of the ones in charge of monitoring your credit. And the hack appears to have involved some serious negligence on their part.

Equifax is one of three big American credit agencies, which calculate the credit scores that determine how hard it is for you to do things like get a loan. You probably know by now that they were hacked, and criminals managed to access private data, like social security numbers and birth dates, for 143 million consumers. Including 209,000 people’s credit card information. Credit agencies collect financial data on pretty much everyone in the U.S. with a credit history. Even if you’ve never paid for any of Equifax’s services directly, if you’re an adult in the United States, you were probably affected. And it turns out that the hackers got in by taking advantage of a vulnerability that Equifax had plenty of opportunity to fix. So oops, I guess.

The Equifax website is built on software called Apache Struts, a widely-used framework for creating programs that help companies manage large amounts of data online. In March, the Apache Foundation, which oversees Struts, announced the existence of a vulnerability in the software code that they dubbed CVE-2017-5638. And it was a bad one.

We’ve all filled out web forms a zillion times — to order products, register for accounts, contact customer service, all sorts of things. But because of a bug in the way that Struts handles data entered into these forms, hackers could use them to send malicious code to the servers with the data on them — a type of hack known as remote code execution. Normally, programmers protect against this by having the server check what you’re submitting to make sure it’s not computer code. But with this vulnerability, hackers could trigger an error, then make the server run the embedded commands while it was trying to figure out what the error was.

That’s a pretty serious bug, but the Apache Foundation released a fix for it at the same time that they announced its existence. The fix could take a while, because it’s not as simple as downloading a software update for your phone. It requires individually updating and rebuilding every app that runs on the Struts platform, which could be dozens or hundreds for a single company.

But the breach of Equifax’s system using this vulnerability began in mid-May, two months after the vulnerability came to light. Why hadn’t Equifax updated their system by then? Nobody knows. We may find out though since more than thirty lawsuits have already been filed, the FBI and the FTC are investigating, and legislators are planning hearings, so there will be more information in the coming months.

In the meantime, a couple of weeks ago Apache announced another Struts bug that makes it vulnerable to remote code execution, along with a patch for it. Here’s hoping Equifax implements this one a little more quickly.

If all this hacking news has got you down, you might be relieved to hear that our second story isn’t about current events -- instead, it takes place 550 million years ago so not likely to affect you personally. Back then, Earth’s oceans were inhabited by a creature so different from anything around today that scientists have never been sure if it was an animal or something more like a fungus or lichen -- until now. In a paper published last week in the journal Proceedings of the Royal Society B, paleontologists concluded that it was an animal. And their findings are giving us some fresh insights into the origins of animals as a whole.

Dickinsonia fossils were first described in 1947, but it was hard to tell exactly what they were. The mysterious organism looked like a flattened oval. It was bilaterally symmetrical -- the same on both sides -- and made up of a series of rib-like “units” arranged along a central axis. Most Dickinsonia had a triangular shape at one end, which some think was the head. The scientists who found it originally thought it was a jellyfish-like animal, but it’s also been compared to worms, other simple animals, and things that aren’t animals at all. It was one of the first fossils described from the Ediacaran Period, 541 to 635 million years ago. It was a time when the world’s oceans held soft-bodied organisms so different from anything known today that how to classify them has been a major paleontological mystery.

To figure out where this thing actually fits in the tree of life, the authors of the new study compared juvenile and adult Dickinsonia fossils from South Australia. They counted the specimens’ body units, measured their lengths, and plotted these numbers against the age of each unit to see how they grew. They found that Dickinsonia grew in two ways -- by adding new units, and by increasing the size of existing ones. Late in their life cycle, they switched mostly to the second, “inflation”-based way of growing. The team also found that Dickinsonia grew from the “head” end, instead of from the other end where the body units were smallest, which is what everyone had assumed.

Comparing all this to what we know about how other organisms grow and develop tells us that Dickinsonia was definitely an animal, and probably part of a group called the Placozoa. And, based on the animals it was most similar to, it probably lived on the ocean bottom and could move around, rather than being fixed in place like a sponge or coral.

For a long time, paleontologists interested in the origins of more complex and diverse animals focused on the Cambrian Explosion, which happened around 541 million years ago, millions of years after Dickinsonia’s heyday. But if some of the weird, confusing Ediacaran organisms were actually animals in their own right, this adds one more piece to the growing body of evidence that our animal relatives go back further than we thought.

If the strange case of Dickinsonia got you wondering about other scientific mysteries, Brilliant.org is a problem-solving website that teaches you how to think like a scientist. Brilliant presents short, conceptual quizzes that supplement what you’ve seen on SciShow. A great way to retain that information is by actively solving problems on Brilliant. Each course guides you through easy and challenging problems with interactive graphics and questions. One course, Physics of the Everyday, has a neat lesson about physics in nature, like seasons and the greenhouse effect. In one lesson, I was surprised to learn how simple it is to predict which way hurricanes rotate. If you think you already know, [leave a comment below and] check your reasoning on Brilliant. It was a fun refresher for concepts I thought I had already mastered. 4 million people are already using Brilliant, so join them in sharpening your STEM skills. To support SciShow and learn more about Brilliant, go to brilliant.org/SciShow and sign up for free.
