Topic: ccleaner security incident aftermath

Offline 5bak5

  • Newbie
  • *
  • Posts: 5
ccleaner security incident aftermath
« on: September 19, 2017, 10:39:41 PM »
Hi, I realise that this is not the Piriform website, but since Piriform is now a subsidiary of Avast Technologies, I'm posting here. The CCleaner breach is troubling, but I appreciate Avast's swift response and disclosure.
However, given the attack vector involved, I'm concerned about a few things.
First, Piriform is based in London. We ALL should know that the UK government & GCHQ have stated how much they would LOVE backdoors, and given there is no written constitution or 4th Amendment (like the US), I wouldn't at all be surprised if the government was behind this. They might have tried to take steps to look like some developing world hackers, but this is a classic MO of western intelligence, and given the organised and sophisticated nature of this, I think it does need to be at least considered.
Second of all, I think Avast should answer whether or not this backdoor gobbled up users' keystrokes and/or browsing history with all the other data, so any company reps, please ask and get an answer on this!!
Welcome to anyone else's thoughts and concerns! Thanks

« Last Edit: September 20, 2017, 07:37:46 PM by 5bak5 »

Offline 5bak5

Re: ccleaner security incident aftermath
« Reply #1 on: September 20, 2017, 07:36:11 PM »
Hi, could we get a reply from an Avast company representative on the concerns on this?
« Last Edit: September 20, 2017, 07:38:36 PM by 5bak5 »

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 79200
  • No support PMs thanks
Re: ccleaner security incident aftermath
« Reply #2 on: September 20, 2017, 07:57:09 PM »
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 17.8.2318/ Outpost Firewall Pro9.3/ Firefox 52.5.2 ESR, uBlock Origin, RequestPolicy/ MailWasher Pro7.8.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline 5bak5

Re: ccleaner security incident aftermath
« Reply #3 on: September 21, 2017, 12:29:07 AM »
Hi DavidR, thank you for replying. I read the material from the links you provided, and all the documentation provided by the CTO of Avast and the blog posts from Piriform. I would contact Avast directly, but there is no free support other than FAQs and forums.
As a European company, there is an extra onus on Avast to disclose information related to cyber privacy and crimes. I thank Avast for honoring their agreements, as few companies actually hold up their end of the bargain these days, and Avast has gone above and beyond here. However, I do need someone from the company to confirm whether or not there was a keystroke logging mechanism, or if the material sought included browsing history and/or download history, to this backdoor. I saw that Avast does not think that any actual harm was done to end-users. However, I am very technical and I have read other users' opinions, and NO ONE anywhere is mentioning the possibility of a state-sponsored attack/hack. I do not blame Avast or even Piriform. I blame whoever is responsible for the attacks. I'm just saying that if I were at the helm of Avast or even Piriform, I would want to know the details, because we don't even know how this malware was written. Was it an inside job? Were computers, code repositories, or the download server affected by some sort of malware injection? Were the offices burgled/broken into and the computers infected? You'll see why I want an answer. This isn't some hack because of simple negligence. This really points to an organised attack, and I don't think the hackers were after simple metadata listed by the Avast CTO already like the software installed, system type, computer name, etc.
I honestly think that this was an elaborate operation conducted by an intelligence agency, and everyone should consider that. If an agency wanted a devastating backdoor, they wouldn't compromise an app like a browser or a messaging client, more likely a much lower-profile piece of software like a COMPUTER CLEANER of all things!
I know some people have, and already will, just assume that I'm some crazy, paranoid fool, but I just ask that the company, and users on this forum, think for themselves and just consider it within the realm of possibility. /end rant
« Last Edit: September 21, 2017, 12:31:45 AM by 5bak5 »

Offline Asyn

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 49500
  • Merry Christmas..!!
    • >>>  Avast Forum - German-language section  <<<
Re: ccleaner security incident aftermath
« Reply #4 on: September 21, 2017, 06:31:55 AM »
Win 8.1 [x64] - Avast Premier 17.9.2321.Beta#3 - CC 5.38 [OD] - MCS [OD] - EEK [OD] - FF ESR 52.5.2 [NS5/uBO] - Thunderbird 52.5 [EM]
German-language section -> Avast essentials (downloads, guides and info): https://forum.avast.com/index.php?topic=60523.0

Offline 5bak5

Re: ccleaner security incident aftermath
« Reply #5 on: September 21, 2017, 07:26:34 AM »
Thanks, Asyn. Based on the new developments, I don't think there should be any doubt left about whether this was a state-sponsored targeted attack. While it's a relief that most of the 2.27 million affected users were not the intended targets, I would still like to know if browsing history was collected!

Offline Asyn

Re: ccleaner security incident aftermath
« Reply #6 on: September 21, 2017, 07:31:24 AM »

Offline 5bak5

Re: ccleaner security incident aftermath
« Reply #7 on: September 21, 2017, 07:41:38 PM »
Well, I seem to be incorrect about the government behind the attack. Cisco believes that Group 72, backed by China, may be behind the attack, given the code recycling that went on, code used in previous attributed attacks. I still think that users should be wary of trusting British companies based on the rhetoric of many parties, not just the government, and with the passage of the landmark invasive privacy intrusion bill, the call for backdoors, and the battle against encryption. I'm happy to hear that Avast has changed the infrastructure and brought Piriform onto Avast server infrastructure. Still, I am MUCH more comfortable with information and data being stored on servers based in Prague (Czechia) for example, than in London, imho.
I look forward to further developments, and I am so glad that there has been such a proactive, global response to this heinous attempt.
Group 72 info: https://krebsonsecurity.com/tag/group-72/

Offline Asyn

Re: ccleaner security incident aftermath
« Reply #8 on: September 22, 2017, 08:37:30 AM »
Avast Threat Labs analysis of CCleaner incident
https://blog.avast.com/avast-threat-labs-analysis-of-ccleaner-incident