Sun Tzu - “All Warfare is Based on Deception” - Nude iCloud Photos, Home Depot and VirusTotal.com: Unintended Consequences and Internet Security

The Art of War
$7.88
By Sun Tzu

In the last few days, we’ve learned that numerous celebrities had their iPhone/iCloud photos hacked and posted. If this ever becomes a problem for you, first, don’t tell me (please), then see How to Keep Photos of Your Naked Body Off the Internet, which despite the title is safe for work and has good advice on protecting your cloud data.

Also, Home Depot has suffered a data breach that “may end up being far larger than Target’s” data breach in November and December of 2013. Indeed, analysis of the credit card information being sold online by KrebsonSecurity.com suggests that all Home Depot stores were hacked. “A comparison of the ZIP code data between the unique ZIPs represented on Rescator’s site, and those of the Home Depot stores shows a staggering 99.4 percent overlap.”

With those stories as background, Wired has a very interesting article on Google’s VirusTotal.com, which hackers are using to make sure their malware can’t be detected by virus checkers and other malware detection software and apps. VirusTotal.com describes itself as a “free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.”

Wired’s Kim Zetter writes, “Researchers, and anyone else who finds a suspicious file on their system, can upload the file to the site to see if any of the scanners tag it malicious. But the site, meant to protect us from hackers, also inadvertently provides hackers the opportunity to tweak and test their code until it bypasses the site’s suite of antivirus tools.”

So, what was intended to help coders write software that wouldn’t accidentally get tagged as malware, ends up helping hackers write malware that is less likely to be detected, which brought to mind this quote from Sun Tzu, author of “The Art of War,” who says:

All warfare is based on deception. Hence, when we are able to attack, we must seem unable; when using our forces, we must appear inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near.

And, VirusTotal.com made this relatively easy. Indeed, the most sobering takeaway from this article is, “It generally took (hackers) just minor tweaks to make their attack code invisible to scanners, underscoring how hard it can be for antivirus engines to keep pace with an attacker’s shapeshifting code.”

As I wrote in an earlier post, Start Memorizing PIN Numbers for Your Credit Cards.