ID: IRCNE2013021756
Date: 2013-02-13
According to “ITPro”, security software vendor Bit9 had its own network broken into by hackers who then launched attacks on some of its customers.
The hackers accessed a system that Bit9 said it uses to digitally sign its software to let customers know it is safe to run on their computers. The hackers then forged Bit9's digital signature on malicious software, which they used to attack some of its customers, according to the privately held company.
Bit9 said in a blog post on Friday that it believed the hackers were able to access one of its internal systems because the company had failed to properly install its own software throughout its network.
Bit9, which has about a 1,000 customers including US government agencies and major defence, energy and financial companies, is one of the leading providers of security technology known as "white listing."
Malicious third party was able to illegally gain temporary access
Unlike traditional anti-virus software, which seeks to block malicious programs, white listing looks to protect systems from attack by only allowing computers to run programs from trusted vendors.
"Due to an operational oversight within Bit9, we failed to install our own product on a handful of computers within our network," Chief Executive Patrick Morley wrote on Bit9's blog. "As a result, a malicious third party was able to illegally gain temporary access to one of our digital code-signing certificates that they then used to illegitimately sign malware."
After discovering the breach, Bit9 said it identified three customers who were attacked with malicious software that was digitally signed with falsified credentials.
A Bit9 spokesman declined to identify the victims, describe the capabilities of the malicious software used in the attacks or say if the hackers had succeeded in harming its clients.
It is not the first time that hackers have breached a security firm as part of a sophisticated scheme to access data at one of their customers.
- 2