According to various media reports, a small but highly sensitive text file is currently circulating on the web: a list of over 5,600 VirusTotal customer names. It contains the names of employees of German and US intelligence services. They have registered with VirusTotal.
The text file may be tiny, but the names on VirusTotal's customer list show that many public bodies, agencies and companies use the service to have data checked. This is quite convenient, because data or web addresses can be checked online there using what are currently over 70 different antivirus programs and malware scanners.
The BSI already warned last year
In this context, the BSI warned a year ago that no data should be transferred to the platform, because in principle third parties can then access it: every registered customer has access to other data that has already been checked, for example a DOC file with secret content. At that time, it had already been established, in the course of an incident at an institution, that suspicious e-mail attachments moved to quarantine were regularly being uploaded to VirusTotal in a partially automated manner. This content was confidential and could be seen by any other customer. Even then, the BSI assumed that cybercriminals had also registered and were looking for confidential data on a daily basis, which meant that data leaked out undetected.
Name, organization and email addresses leaked
The file now available to Spiegel.de and Standard.at is said to contain names, organizations and e-mail addresses. Der Spiegel also reports that the list has been verified and is therefore authentic. Der Spiegel noticed that some of the officials' names can also be found on LinkedIn. Entries under the organization "Cyber Command" of the USA are particularly sensitive. According to Spiegel, however, there are also other entries from the Ministry of Justice, the FBI and the NSA. Official bodies from the Netherlands, Taiwan and Great Britain are also said to be on the list.
Furthermore, users from German authorities such as the MAD, the Federal Police or the Federal Criminal Police Office are said to be on the list. According to Spiegel, employees of the BSI are also said to be on the list, although the BSI itself had warned against using VirusTotal. Even though the list does not contain any passwords, the leak shows who deals with IT security and malware in the corporations, services and organizations. This enables spear phishing or other social engineering attacks.
Editor/sel