11 comments

[ 2.8 ms ] story [ 47.4 ms ] thread
> That shade is a reference to the Equifax execs who sold around $1.8 mil in company stock after Equifax discovered the breach — but before it alerted the public.

According to CNBC, this is false information. The insiders who sold claimed to be unaware of the breach at the time of the sale and also the sale was scheduled beforehand.

Claims can be made and the apparent filing was never done for it to be scheduled.

There's no way a breach like that is discovered and the upper management/execs aren't notified.

They are going to try and push hard to get that narrative in people's heads. We'll know the truth when it gets investigated.

Are you saying it is false that 1.8mil in stock was sold or that the execs didn't know about the leak?

What is your source for this being a 10b5-1 scheduled sale I heard on CNBC a reporter accidentally misspeak (it was clear that she did) and say that it was scheduled but from CNBC website it was not: "The sales don't appear to be the type of regularly scheduled incremental sales that insiders typically use when selling their company holdings" https://www.cnbc.com/2017/09/08/suspect-trading-in-equifax-o...

And Bloomberg has also looked at the filings and said that it is not: "none of the filings lists the transactions as being part of 10b5-1 scheduled trading plans." https://www.bloomberg.com/news/articles/2017-09-07/three-equ...

These are the 3 Form 4 filings for the stock sales from the execs: https://www.sec.gov/Archives/edgar/data/33185/00008992431701... https://www.sec.gov/Archives/edgar/data/33185/00008992431701... https://www.sec.gov/Archives/edgar/data/33185/00008992431701...

For reference here are two filings for when stocks are sold with a 10b5-1 secluded sale plan where you see in the footnotes the sale is a 10b5-1 scheduled sale: https://www.sec.gov/Archives/edgar/data/1564408/000120919117... https://www.sec.gov/Archives/edgar/data/1325214/000148024814...

For reference on the footnotes of the Form 4 filings: "A 10b5-1 plan must be established through a third party, but does not need to be filed with the SEC. The only way we get to learn that a transaction is planned is by examining footnotes on the Form 4 filings for references to 10b5-1" https://blog.form4oracle.com/2009/09/29/10b5-1-plan-planned-...

Best pay up, Equifax. Even if it is a scam, $2.6m is a drop in the bucket of the total potential damage.

Though suppose this group does have the actual data and does get the ransom. What is to stop them from holding onto it to milk it for all it's worth?

Never pay ransoms. There is a great book "American Kingpin: The epic hunt for the criminal mastermind behind the silk road". In it, Ross Ulbricht said every time they paid hackers, they came back increasing the attacks and demands.

"If you give a mouse a cookie, he's going to ask for a glass of milk. When you give him the milk, he'll probably ask you for a straw. When he's finished, he'll ask you for a napkin."

Refuse to pay the ransom? The credit card numbers are still worth a lot. You're only reducing their payoffs a little bit.

If anything, posting the ransom increases the chances that the FBI can track them (since it's hosted on a Tor server)

The FBI's Tor exploit works on visitors to a Tor hidden service, but doesn't work to identify operators of a Tor hidden service. However it is very easy to misconfigure a Tor hidden service and have it leak identifying information.
Lol never pay ransoms how about never secure so much data with out of date technology that makes it easy to steal to save money or never sell stocks with inside information. Equifax might not even exist after this leak so as Ross Ulbricht once said if the company will be bankrupt you might as well try paying the ransom. The mouse has already finished his milk, cookie, and everything else that he can and is now asking for a napkin there is nothing left to take from Equifax.
Paying out anonymous folks that demand ransom of copyable data is futile. There won't be incentive to not leverage the data even if the ransom were to be paid.

The reality is that BTC helps to facilitate various criminal behavior, some of which would not exist otherwise.

If 4100 were to break today, there would be greatly increased probability of accelerated downside. This is deserved since BTC is leveraged by criminals such as in this case. Don't be surprised if this ends up becoming the case as a form of public penalization of such criminal behavior.

Imo, assuming the hackers are acting logically, the payment of the random will be followed up by another request for more money or the sale of said data on the black market.

Since they are anonymous, there is no logical reason to keep their word. It's not like they have a reputation to keep up.

It's an asymmetrical game of tit-for-tat. If the hackers don't keep their word often enough the companies won't play the game again. Pay regardless of the hackers keeping their word and you make yourself vulnerable.