East Bay Times

FireEye, a top cybersecurity firm, says it was hacked

By David E. Sanger and Nicole Perlroth

WASHINGTON >> For years, the cybersecurity firm FireEye has been the first call for government agencies and companies around the world who have been hacked by the most sophisticated attackers, or fear they might be.

Now it looks like the hackers — in this case, evidence points to Russia’s intelligence agencies — may be exacting their revenge.

FireEye revealed Tuesday that its own systems were pierced by what it called “a nation with top-tier offensive capabilities.” The company said hackers used “novel techniques” to make off with its own toolkit, which could be useful in mounting new attacks around the world.

It was a stunning theft, akin to bank robbers who, having cleaned out local vaults, then turned around and stole the FBI’s investigative tools. In fact, FireEye said Tuesday, moments after the stock market closed, that it had called in the FBI.

The $3.5 billion company, which partly makes a living by identifying the culprits in some of the world’s boldest breaches (its clients have included Sony and Equifax), declined to say explicitly who was responsible. But its description, and the fact that the FBI has turned the case over to its Russia specialists, left little doubt who the lead suspects were and that they were after what the company calls “Red Team tools.”

These are essentially digital tools that replicate the most sophisticated hacking tools in the world. FireEye uses the tools with the permission of a client company or government agency to look for vulnerabilities in their systems. Most of the tools are based in a digital vault that FireEye closely guards.

The hack raises the possibility that Russian intelligence agencies saw an advantage in mounting the attack while American attention, including FireEye’s, was focused on securing the presidential election system. At a moment that the nation’s public and private intelligence systems were seeking out breaches of voter registration systems or voting machines, it may have been a good time for those Russian agencies, which were involved in the 2016 election breaches, to turn their attention to other targets.

The hack was the biggest known theft of cybersecurity tools since those of the National Security Agency were purloined in 2016 by a still-unidentified group that calls itself the ShadowBrokers. That group dumped the NSA’s hacking tools online over several months, handing nation-states and hackers the “keys to the digital kingdom,” as one former NSA operator put it. North Korea and Russia ultimately used the NSA’s stolen weaponry in destructive attacks on government agencies, hospitals and the world’s biggest conglomerates at a cost of more than $10 billion.

The NSA’s tools were most likely more useful than FireEye’s since the U.S. government builds purpose-made digital weapons. FireEye’s Red Team tools are essentially built from malware that the company has seen used in a wide range of attacks.

Still, the advantage of using stolen weapons is that nation-states can hide their own tracks when they launch attacks.
