Most active commenters
  • (4)

←back to thread

An attacker’s blunder gave us a look into their operations

(www.huntress.com)
154 points mellosouls | 14 comments | 09 Sep 25 15:42 UTC | HN request time: 1.008s | source | bottom
1. s46dxc5r7tv8 ◴[09 Sep 25 16:15 UTC] No.45184165[source]
Disturbing that they would be proud enough of spying on their users to post this. Threat intelligence is nearly as bad as the threats themselves. From crowdstrike destroying computer systems to this type of spying on their own users, who wants to trust these people? What happened to holding microsoft accountable for the security of their products?
replies(4): >>45184879 #>>45185444 #>>45185892 #>>45190067 #
2. Finnucane ◴[09 Sep 25 16:59 UTC] No.45184879[source]
For some value of 'spying', I guess. This is a product, as noted above, that say, a corporate IT dept. is installing in your company-issued laptop. Which means the customer, that is, not you, is okay with this behavior; it is what they are paying for.
replies(1): >>45185338 #
3. ◴[09 Sep 25 17:28 UTC] No.45185338[source]
4. cbisnett ◴[09 Sep 25 17:35 UTC] No.45185444[source]
It’s not that we’re spying on users for fun. We’re analyzing the browser history so determine if the history contains any sites that are associated with malicious activity. We definitely don’t care about your pr0n
replies(4): >>45186058 #>>45191567 #>>45192556 #>>45194489 #
5. hunter-gatherer ◴[09 Sep 25 18:05 UTC] No.45185892[source]
So many of the comments here seem to be completely unaware of what an EDR does. Do none of you all work for companies with managed devices? There isn't anything abnormal here...

I work on a REM team in a SOC for a big finance company all you US people know. An employee can't hardly fart in front of their corporate machine without us knowing about it. How do you all think managed cyber security works?

replies(2): >>45186111 #>>45192632 #
6. lostlogin ◴[09 Sep 25 18:14 UTC] No.45186058[source]
I wouldn’t lead with this in the marketing. It’s entirely disturbing.
7. mc32 ◴[09 Sep 25 18:17 UTC] No.45186111[source]
They might be under the impression that all this activity is looked at by someone for curiosity’s sake -snooping. It isn’t. People only look and discover if there is reason (a critical alert or some legal action). No one goes snooping to see what sites Joe visited this morning for no reason at all.
replies(1): >>45186519 #
8. boston_clone ◴[09 Sep 25 18:36 UTC] No.45186519{3}[source]
> No one goes snooping to see what sites Joe visited this morning for no reason at all.

In fact, I have worked at several organizations in which this type of activity would be a terminable offense.

replies(1): >>45187205 #
9. ◴[09 Sep 25 19:12 UTC] No.45187205{4}[source]
10. ◴[09 Sep 25 22:14 UTC] No.45190067[source]
11. rcxdude ◴[10 Sep 25 00:34 UTC] No.45191567[source]
But you are spying on users?
12. jml7c5 ◴[10 Sep 25 02:45 UTC] No.45192556[source]
You're supposed to spy on an organization's users and machines for the benefit of the organization that has contracted you. That's not what you're doing here. You've taken an adversarial relationship with your (potential) customer, acting to harm them.

Presumably legal, but morally gray.

13. ◴[10 Sep 25 02:57 UTC] No.45192632[source]
14. zer00eyz ◴[10 Sep 25 07:41 UTC] No.45194489[source]
Jesus.

I can rob people one at a time or I can go rob the bank. I can break into your clients one at a time or I can break into your "security" company.

Where is the product that keeps that data, your infrastructure safe? Why arent you selling that. Oh wait there is no such thing as it does not exist.

You are a compromise by a state level actor waiting to happen. In fact if you were compromised by a state level actor it is in your companies best interest to cover it up rather than disclose it (as that would be the end of your organization).

It's the fox guarding the hen house.

At some point were going to find out that a government, China, Russia, India.... used you, or one of your peers doing the same. This is taking off my shoes at the airport levels of stupid and ineffective.

I spend a fair bit of time talking to C-levels. The bulk of them use your services not because they think they are effective but because they know that they can point the finger at you when the shit hits the fan.