Submitted via IRC for chromas
The US Military Just Publicly Dumped Russian Government Malware Online
Usually it's the Russians that dump its enemies' files. This week, US Cyber Command (CYBERCOM), a part of the military tasked with hacking and cybersecurity focused missions, started publicly releasing unclassified samples of adversaries' malware it has discovered.
CYBERCOM says the move is to improve information sharing among the cybersecurity community, but in some ways it could be seen as a signal to those who hack US systems: we may release your tools to the wider world.
"This is intended to be an enduring and ongoing information sharing effort, and it is not focused on any particular adversary," Joseph R. Holstead, acting director of public affairs at CYBERCOM told Motherboard in an email.
On Friday, CYBERCOM uploaded multiple files to VirusTotal, a Google-owned search engine and repository for malware. Once uploaded, VirusTotal users can download the malware, see which anti-virus or cybersecurity products likely detect it, and see links to other pieces of malicious code.
(Score: 0) by Anonymous Coward on Monday November 12 2018, @11:15PM
No of course not. I'd be willing to say that an evaluation was made to tell if what's being dumped is in active use by our own TLAs to ensure that no active bugs were dumped first. Both make it look like we're the good ones revealing these security holes to the world when they've really been decommissioned as viable exploits by our TLAs. I have no evidence for this, but it follows logically that our TLAs would not leak anything in active use.
Actually there is. if a TLA is actively using that hole.
How do we know that it was the fault of budget cuts and not a TLA plant? You don't think they do that? They intercept Cisco routers in the mail and plant bugs. It's been documented. I mean if we're going to end someone's career over this let's get the right guys ok?
Please calm down and lay off the Kool Aide. If you have legitimately been the victim of a bank information leak then you really need to hire the services of a lawyer to recoup those financial loses you had to endure due to the incident. If not, getting hurt about a non-event only hurts you.
Note: TLA = Three Letter Agency, FBI, CIA, NSA, DEA, etc.