The Equifax Hack Has Some Interesting Dynamics

in #cybercrime7 years ago

If you haven't heard by now, Equifax was hacked and it is creating widespread fear among many Americans.

The private information of over 143 million people appears to be affected. 

Data such as names, social security numbers, driver's license numbers, and credit card numbers appear to have been compromised.

The hack is stated to be the largest of it's kind in United States history.

In fact, an analyst from Reuters went on to say that on a scale of 1 - 10 (10 being the worst), this event is a 10.

Yikes.

Things get even more interesting...

The hacks appear to have taken place mostly between May and June. 

Equifax apparently found out within the last week or so, which is all the more interesting considering Equifax executives sold shares worth roughly $18 million dollars just several days after finding out about the hack and before the hack was made public. 

Interesting indeed.

At this point it is not clear whether those sales were planned or something else. 

The hackers have made a demand.

At first it wasn't clear exactly how much the hackers wanted for their troubles. 

Now, on a Darkweb site, the hackers have stated their demands.

They say they will delete the data they stole for a fee of 600 BTC, which is roughly $2.5 million dollars at current prices.

Their demand stated that if they do not receive the funds by September 15th, the data will be made public.

The hackers were even kind enough to share their reasons for their theft:

"We are just two people trying to solve our lives and those of our families. We did not expect to get as much information as we did, nor do we want to affect any citizen. But we need to monetize the information as soon as possible."

Also, the hackers added that if they are forced to publicize the data, they will be holding on to the credit card numbers, which would imply that they might plan on utilizing those for additional profit.

This represents an interesting situation for Equifax.

It is not clear when Equifax was made aware of the hacker's demands or even if they were made aware of demands before the public posting on the Darkweb site in the first place, but if they were it presents an interesting question...

In this particular situation, should Equifax have paid the ransom before it was made public?

The price the hackers are asking for is extremely small relative to the scope of their theft and relative to the size of Equifax.

In normal circumstances most companies would not negotiate with hackers.

However, since the price of Equifax stock dropped by roughly $2.5 billion when the news broke, and the hackers were only asking for roughly $2.5 million, it makes one wonder if in this case paying the ransom might have been the smarter thing to do? 

Even if there is no guarantee that paying it would have solved the problem...

What say you Steemit community? What was the correct play here for Equifax?

Let me know in the comments section below.

Stay informed my friends. 

Sources:

https://cointelegraph.com/news/equifax-hack-3-investors-sold-18-mln-shares-in-unclear-transaction

https://cointelegraph.com/news/equifax-hackers-demanding-26-mln-in-bitcoin-or-else

Image Sources:

http://time.com/money/4933204/equifax-hack-credit-report-identity-theft/

http://www.villaggioilgirasole.it/villaggi-in-toscana-news-ed-offerte/

Follow me: @jrcornel

Sort:  

Correction: Equifax executives sold roughly $2 million, not $18 million. Great article btw.

This hack is a very, very good example of why KYC/AML rules are a bad idea. When you have these centralized storehouses of sensitive personal info on millions of people, it's only a matter of time before a skilled attacker gains access.

Decentralized exchanges and free access for everyone - absent selfies that require customers to hold up their passports next to their faces, colonoscopy reports and credit checks - is the only way to go.

You can thank terrorists for that, since banks were relatively free with servicing customers until 9/11. After that, the governments all over really started to reign down on where the money is going and how its being spent. A lot of developed countries these days have their own kyc/aml regulations for their banking system.

And it doesnt help that a lot of companies invest very little money into their IT Security either.

It doesn't really matter how much money they invest in IT security anyways. With that much valuable info in one place, even inside jobs become profitable and likely.

Centralized data storage systems can't really be secured in this day and age.

Whoa ! Whoa!
it was yahoo and now it is equifax.
tomorrow it will be ...
Sad news.

very interesting I really like your posts I always follow your post there are many interesting things that I find. and I share your submissions to other friends. visit my post

Follow an fot me @imranroza

https://steemit.com/art/@imranroza/anugrah-terindah-2017910t05839323z

The fact that so many executives sold shares before the hack was revealed is incredibly fishy. They obviously knew, and should be punished for insider trading.

Not unless they grease the right palms. That's how it works in America.

A lot of people's ssn has been affected. In fact, I think that's most American citizens. See what happened to "Phrama Bro", they'll find something to stick them with.

I guess we are all EQUI-F&CKED !!

This is very interesting and I had not heard about it yet. If those numbers they are estimating are correct it could affect over half of all Americans! That truly is startling. I think that, in hindsight, they definitely should have just paid the ransom if they could keep it out of the news all together. If the news that they paid a ransom like that were to get out though, the number of people trying to exploit them would be huge.

This is done on A LOT of darknet markets as well. Bug hunters will search for valnerabilities and when they find 1, they provide proof and are paid based on the magnitude of the find. This is a bit different as its a ransom but nonetheless, sometimes it's worth the money on the off chance the info is true, even if the reasoning is solely to protect the stock price of the company from the reaction to FUD. Great, thought provoking piece as always!

Block chain technology can help play a role in cyber security... steemit and others stand to benefit as early adopters!

Equifax most likely purchased a lot of that info without anyone's consent. Let them burn.

Maybe I should be worried than I am, but am just unphased by this all.

Coin Marketplace

STEEM 0.26
TRX 0.20
JST 0.038
BTC 96962.96
ETH 3588.91
USDT 1.00
SBD 3.83