
Hackers breached 3 US antivirus companies, researchers reveal - furcyd
https://arstechnica.com/information-technology/2019/05/hackers-breached-3-us-antivirus-companies-researchers-reveal/
======
stefan_
Haha, is this what it takes to get a fearmongering article into arstechnica? A
Wix website and an IDA screenshot that shows.. nothing at all?

Like, that IDA view is literally what you get when you open IDA on a binary or
compressed file and pretend it's x86 assembly. Empty functions list and a
navigation bar that is showing all white data.

~~~
ziddoap
You should try and write a fearmongering article and see if it makes it in!

Seriously though, it's not like they ran the story solely because of a
screenshot. Other things they likely considered (being a reputable news source
[1]) would include the source of the information and historical accuracy of
that source, additional source material that was not fit for publication
(confidentiality, irrelevent beyond proving accuracy of information, etc.),
and other independent verification (reaching out to potential affected
companies, communication with the sellers, viewing the advertisement for the
material, etc.).

On top of that, writing the article in this way allows for expansion and
updates as more information is confirmed or comes to light.

Welcome to how reputable news companies work. They generally don't make stuff
up on the spot based on a screenshot.

[1][https://mediabiasfactcheck.com/ars-
technica/](https://mediabiasfactcheck.com/ars-technica/)

------
brian_herman__
Anyone know which three us antivirus companies they hacked?

~~~
24gttghh
Yeah, this article doesn't say a whole lot without that information...

~~~
phaus
The article is fine. If you read it you would have discovered that the hackers
claim to be selling access to three US AV companies. This is a group of
attackers that has a history of selling access to large organizations, so
there's a good chance that what they are offering is real. It doesn't sound
like the hackers have revealed the names of the companies. If they did reveal
the names, the value of what they are selling would be significantly lower.

~~~
dgzl
> The article is fine. If you read it you would have discovered that...

> It doesn't sound like the hackers have revealed the names of the companies.

It sounds like the article isn't clearly stating that the hackers haven't
revealed the names of the companies, rather requires intuition of the reader
to figure out. IMO the journalist should be more clear.

------
jammygit
So, they are claiming to have done so but did not reveal which ones?

The spy in me wonders if this is fake to discourage campaigns to use AV
software in the coming elections. The non-spy just worries about my company's
AV software.

------
thrower123
It'd be nice to know which ones, so I can push back more effectively if anyone
tries to force us to use something besides the builtin Windows AV on our
development workstations.

Running Visual Studio or building npm/bower-based web projects on a machine
that has one or, god help you, two or three of these deep-scanning real-time
protection clusterflips is like watching paint dry in a monsoon.

