Before companies like Microsoft and Apple release new software, the code is reviewed and tested to ensure it works as planned and to find any bugs.
Hackers and cybercrooks do the same. The last thing you want if you’re a cyberthug is for your banking Trojan to crash a victim’s system and be exposed. More importantly, you don’t want your victim’s antivirus engine to detect the malicious tool.
So how do you maintain your stealth? You submit your code to Google’s VirusTotal site and let it do the testing for you.
It’s long been suspected that hackers and nation-state spies are using Google’s antivirus site to test their tools before unleashing them on victims. Now Brandon Dixon, an independent security researcher, has caught them in the act, tracking several high-profile hacking groups—including, surprisingly, two well-known nation-state teams—as they used VirusTotal to hone their code and develop their tradecraft.
The word hacker may have a negative connotation, but AT&T wants to show the world how it can lead to positive innovation.
“That’s the old connotation,” said Carlton Hill, VP of device operations and developer services for AT&T. “To hack on something doesn’t mean that. It’s to break it open, its to play with it and get a ton out of it.”
For the last three years, the telecommunications company has calling on developers, marketers, designers and innovators to work together to create tech solutions for common problems. The participants usually have 24 hours to come up with an idea and prototype for each project, and a winner is awarded at each event. Most of the stops are themed around an issue, including the upcoming Houston, Texas event on Friday which will focus on apps to help the disabled
Check out an infographic that puts all of the data breaches of the last few years in visual terms
You probably know to watch out for phishing attempts — broad, massive email efforts to get you to hand over personal financial information like a credit card number or to click on a website link that could allow malware to steal information from your computer. Theyre usually riddled with spelling errors and terrible formatting. Spearphishing is subtler, because its aimed at intelligence gathering. It “often takes the form of key personnel inside an organization being emailed a malicious file,” Graham Cluley of Sophos Security told NBC News Tuesday.
Some experts also say executives should identify their most prized intellectual property and keep it off of networked computers and consider evasive action – such as having 100 versions of a critical digitized blueprint and only one that is genuine, with the right one never identified in emails.
“There is a reason that people fly halfway around the world to have a one-hour meeting,” Joffe said of intelligence agencies.
“We don’t like the US government very much. Their boats are weak, their lulz are low, and their sites aren’t very secure. In an attempt to help them fix their issues, we’ve decided to donate additional lulz in the form of owning them some more! This is a small, just-for-kicks release of some internal data from Senate.gov – is this an act of war, gentlemen? Problem? – Lulz Security.”
Lulz is a derivative of lol (laugh out loud) that has evolved to mean doing something because you can and you get satisfaction out of it -Ed.