back to article VirusTotal: We're sorry someone fat-fingered and exposed 5,600 users

VirusTotal today issued a mea culpa, saying a blunder earlier this week by one of its staff exposed information belonging to 5,600 customers, including the email addresses of US Cyber Command, FBI, and NSA employees. The unintentional leak was due to the layer-eight problem; human error. On June 29, an employee accidentally …

  1. Clausewitz4.0 Bronze badge
    Black Helicopters

    Yummy !

    This reportedly included more than 20 US Cyber Command email addresses, as well as those belonging to the US Justice Department, FBI and NSA

    I cannot understand those folks registering with their .GOV / .MIL email address for any service at all - Ashley Madison, Virus Total, PornHub, Swingers, etc...

    Is it too difficult to create a proton.me email ?

    1. Anonymous Coward
      Anonymous Coward

      Re: Yummy !

      I don't see how VirusTotal lumps in with "Ashley Madison, PornHub, Swingers, etc..."

      Have you had your dried frog pills today?

      1. Clausewitz4.0 Bronze badge
        Black Helicopters

        Re: Yummy !

        I don't see how VirusTotal lumps in with "Ashley Madison, PornHub, Swingers, etc..."

        Past leaks of government officials using work email address on those services.

        1. Anonymous Coward
          Anonymous Coward

          Re: Yummy !

          Yeah, but I don't think anyone's wife would be particularly bothered if they found out their husband had a secret VirusTotal account.

    2. Anonymous Coward
      Anonymous Coward

      Real cyber-security exposure is extremely rare

      Learning such skills is not trivial. Neither being paranoid is common, while in fact it should be the default mode of operation.

    3. Graham Cobb

      Re: Yummy !

      These were employees of customers of VirusTotal who had accounts on it relating to their work. It would be against employer policies to provide anything other than their official email addresses.

      The issue is completely with VirusTotal - and I hope these important customers reconsider whether a company that can't keep their customer data confidential is a suitable provider of security-related services to customers like military and government.

      1. Anonymous Coward
        Anonymous Coward

        Re: Yummy !

        Security related services for military and government shouldn't be entrusted to private sector. Come to think of it, none of the military and government services should be entrusted to private sector.

        Yeah, yeah, competition, free enterprise, you're a commie and all the crap.

  2. Anonymous Coward
    Anonymous Coward

    False sense of security

    VirusTotal may have some use cases. But from my experience for phishing and scam sites the detection rate is near zero. Not sure about malware.

    1. sitta_europea Silver badge

      Re: False sense of security

      "VirusTotal may have some use cases. But from my experience for phishing and scam sites the detection rate is near zero. Not sure about malware."

      I hear what you're saying about the false sense of security which could perhaps represent a danger. I'm sure I've seen evidence for it but it would only be anecdotal so I'll say no more about that.

      The threat profile from emails arriving here might not be typical, but I can share some of my experience, which is long and well documented.

      I'm unable to comment on VirusTotal's (email) phishing and scam site detection performance because I haven't measured it, but I'd say it's pretty good for malware.

      My milters, using a few simple Yara rules, routinely catch malware in email which multiple commercial and free virus scanners fail to identify. I have records for the last four hundred or so samples and about fifteen scanners courtesy of Jotti's Virus Scan. When I submit samples using our homebrew API to Jotti, very few threats are missed by all the scanners but the norm is for most of them to miss most threats. If I submit the threats (manually) to VirusTotal, the percentage of threats missed by all of the more than seventy scanners that they use is negligible, but again many of them seem to miss most threats.

      You simply cannot rely on scanners alone. If you do, you are going to be compromised.

      HTH

    2. NoneSuch Silver badge
      Boffin

      Re: False sense of security

      "VirusTotal may have some use cases. But from my experience for phishing and scam sites the detection rate is near zero. Not sure about malware."

      No one should rely on a single source for protection. VirusTotal (and any other service you care to name) is no where near to being perfect. The best solution is to use a multi-layer protection system of multiple software scanners with firewalls, internal threat scanners and employing people who know how to intelligently interpret the results.

    3. Kurgan

      Re: False sense of security

      Virustotal is a system made of imperfect tools. Every antivirus program is an imperfect tool. The sum is a somehow less imperfect tool.

      I use it a lot, and if the results show that it's malware, then usually it actually is malware. If the result comes out clean, then it's definitely NOT CLEAN. It usually means that no antivirus software gets that pattern right.

      Still it's a useful check. Just don't trust it blindly if the result is "clean".

      1. Anonymous Coward
        Anonymous Coward

        Re: False sense of security

        Anti virus engines have 2 modes of operation traditionally.

        Signature matches

        Heuristics

        The latter can generate false positives.

        I’ve had malware infested files given the clean bill of health by virustotal only to scan that same binary 10 years later and it has a trojan, an actual signature match so not a false positive.

        The reality is, ask yourself this, what exactly IS malware

        Clue, it’s malicious software

        So basically all modern software is malware because it rarely acts in the end users interest.

        Windows 10 is malware

        Windows defender is great at finding keygens, but not so good at detecting actual malware

  3. Anonymous Coward
    Anonymous Coward

    Surprise, surprise, surprise........

    (1) Google................what a surprise!!!

    (2) Then there's this from last year......amazing!! Link: https://isc.sans.edu/diary/Credentials+Leaks+on+VirusTotal/28426

  4. Terry 6 Silver badge

    "not the result of a security breach or vulnerability"

    Err, so a staff member being able to make a file of data available isn't just that?

    It doesn't have to be an outside baddie to make it a security breach.

  5. John Brown (no body) Silver badge

    Compensation for the victims?

    I'm all those spooks will be happy with a complimentary one year subscription to some random "identity protection" service :-)

  6. Ian Johnston Silver badge

    Why does this matter, exactly?

    1. Roland6 Silver badge

      A reminder that even bright people can do daft things.

      Given what we know, would not be surprised if the person at the centre of this simply “went on autopilot” and checked the file (as per good practise) before forwarding it to someone else.

      Would not be surprised, if as a result of this, Virustotal sees an increase in the number of users “inspecting” files others have uploaded.

  7. Anonymous Coward
    Anonymous Coward

    You check some

    You lose some…

  8. Anonymous Coward
    Anonymous Coward

    CSV files are plaintext

    I fail to understand these cretins, or how their smoothbrains work.

    Anybody up to the challenge of explaining them?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like