Hackers breached security firm Bit9, then attacked its customers

BOSTON Sat Feb 9, 2013 4:02am IST


BOSTON (Reuters) - Security software maker Bit9 on Friday said that computer hackers had breached its network and then launched a second round of attacks against some of its customers.

The hackers accessed a system that Bit9 said it uses to digitally sign its software to let customers know it is safe to run on their computers. The hackers then forged Bit9's digital signature on malicious software, which they used to attack some of its customers, according to the privately held company.

Bit9 said in a blog post on Friday that it believed the hackers were able to access one of its internal systems because the company had failed to properly install its own software throughout its network.

Bit9, which has about 1,000 customers including U.S. government agencies and major defense, energy and financial companies, is one of the leading providers of security technology known as "white listing."

Unlike traditional anti-virus software, which seeks to block malicious programs, white listing looks to protect systems from attack by only allowing computers to run programs from trusted vendors.

"Due to an operational oversight within Bit9, we failed to install our own product on a handful of computers within our network," Chief Executive Patrick Morley wrote on Bit9's blog. "As a result, a malicious third party was able to illegally gain temporary access to one of our digital code-signing certificates that they then used to illegitimately sign malware."

After discovering the breach, Bit9 said it identified three customers who were attacked with malicious software that was digitally signed with falsified credentials.

A Bit9 spokesman declined to identify the victims, describe the capabilities of the malicious software used in the attacks or say if the hackers had succeeded in harming its clients.

It is not the first time that hackers have breached a security firm as part of a sophisticated scheme to access data at one of their customers.

EMC Corp's (EMC.N) RSA Security division disclosed that it was breached in 2011. Two months later hackers used information stolen about RSA's SecurID system to launch attacks against Lockheed Martin Corp (LMT.N).

Bit9's website said its customers include the U.S. military, intelligence agencies, five of the top 10 aerospace and defense companies in the Fortune 500, six of the top 10 petroleum refineries and three of the top 10 banks.

The company raised $35 million in funding in July from a group of investors led by Sequoia Capital. Other investors include Atlas Venture, Highland Capital Partners, Kleiner Perkins Caufield & Byers and .406 Ventures.

(Reporting by Jim Finkle, editing by G Crosse)
