@metacurity seems to me that at least part of this activity is promotional, to drive traffic to new breach sites. But maybe. Time will tell

@hrbrmstr at its core corporate threat detection systems are just broadly scoped automated surveillance systems operating at scale. I built them professionally for a number of years so I guess I’m pretty desensitized to it, but even I remember getting squeamish about some of the things I implemented

I built and deployed an automated insider risk detection solution on top of user behavior analytics derived from endpoint, network, DNS, and proxy logs for a Fortune 100 a couple years back. It’s able to effectively answer questions like:

- “Is this user thinking about leaving the company?”

- “Is this user facing personal, professional, or financial stressors?”

- “Is this user considering taking actions that might adversely impact the company or expose trade secrets?”

If any of those conditions (or other indicators) exist, it flags the user for closer scrutiny by a human analyst. They don’t actually need to *do* anything crimey to get flagged, they just need to demonstrate that they’re considering doing something crimey.

Things like that are standard fare in the threat detection world. That’s why it’s recommended to keep personal affairs far away from your corporate environment.

A user has no reasonable expectation of privacy when utilizing any security tool that performs automated threat detection

@hrbrmstr referencing the heat Huntress is getting?

I think it’s interesting to read the hot takes from the more privacy oriented peeps

Not me anxiously waiting to see where the SLH apology letter(s) lead.

#threatintel