The Equifax Hack Revisited and Repurposed Flashcards
What seems to be the purpose behind AG Barr’s indictment of the four Chinese military personnel for hacking into the Equifax servers in 2017?
To draw attention away from the real problems
When (month/year) did Bloomberg Businessweek speculate that the hack was state sponsored and likely done by Chinese? When did Barr announce the indictment?
September 2017 and February 2020
What is the likelihood that China will honor the U.S. arrest warrants of the four military personnel? If the situation were reversed, would you expect the U.S. to extradite four of its military personnel to China to stand trial?
Not likely; I suspect the US would not extradite military personnel to China
Which service on the Equifax server infrastructure was hacked?
Equifax’s Online Dispute Portal
Was an Apache patch available at the time of the hack?
Yes
Approximately what percentage of the U.S. adult population had their personally identifiable information compromised?
Approximately 50%
Did Barr find that Equifax had taken “reasonable measures to keep their trade secrets secret?”
Yes
Did the U.S. Senate agree with Barr that Equifax had taken reasonable measures to protect its data?
No
How many cyber-vulnerabilities were discovered by the IT audit of Equifax network infrastructure in 2015?
More than 8500 vulnerabilities
The article lists eight security failures of Equifax prior to the breach that were identified by the U.S. Senate. List five of them.
Lack of IT asset inventory, no method for validating patches, no further audits, a clueless CISO, and no isolated networks
In the final Equifax settlement, how much money was paid to the Equifax victims on average?
US$3 per victim
Was Equifax’ security policy adequate?
No it was not adequate
What educational background did the Equifax CISO have that qualified her for the position?
Music composition
