Originally published at: https://boingboing.net/2020/12/08/hacked-fireeye-discloses-breach-and-theft-of-internal-hacking-tools.html
Imagine that, stockpiling hacking tools is detrimental in the long run.
Hack the hacking hackers.
You folks are completely missing the point.
Maintaining security online requires systematic testing and simulated attacks of key systems – that’s what a firm like FireEye does. If a company that houses your data ISN’T doing that, then they’re reckless and putting YOUR data in danger. Further, the article explicitly says that FireEye wasn’t hoarding zero-days.
Firms like FireEye are BAD for governments that want to spy on you, because their business increases the security of networks and systems online. So, rather than trying to hack many fortified networks and systems, some government went after the guardians themselves, and raided their toolkits.
Security researchers and firms do what they do to keep data safe. Celebrating an attack on them is equivalent to criticizing the dog barking to warn you about the murderer trying to get into your house.
Whoa whoa whoa, relax.
It’s not an act of war if your President hangs out in the same Jacuzzi as their President.
Seems like it’s a bit of work to ensure the hackers will be able to use a set of tools there aren’t adequate defenses for…
> The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.
Translation: it was a 15-year-old script kiddie haxoring away in their mom’s basement.
Hukhukhoaaaark!
Who else read all that in Liam Neeson’s voice?
The first rule of writing internal hacking tools is that you write them in a proprietary language that runs on a proprietary OS on proprietary hardware. That way, if anybody steals your executables they will have a heck of a time figuring out what they do.
I work for a cybersecurity firm. This is probably a big deal. But also their press release on the issue is not necessarily, uh, true.
They say that they were attacked by a nation-state class attacker. I mean, maybe. But it sounds so much better for them if they say that - yeah, we got owned, but only by the Extreme Elite Force.
I don’t actually know how good their red team tools are, but red teams are routinely repelled - you actually kind of expect that to happen pretty often. If they were attacked by a “nation-state” level attacker, that adversary probably already has tools as good or better. Again, it seems like hype to claim that the attackers were after their Elite Red Team Tools.
I don’t have any inside info on this, I only know what I read in the links provided here and other public sources. But my experience with reporting on attacks is that you can’t put much credence in what the attacked say - they immediately go into defensive PR mode. And we may never know who was responsible; attribution in cases like these is difficult to impossible. (Although in hindsight you can often figure it out, since if a novel tool is used in an attack, and it can later be positively attributed to an adversary, then previous attacks with that tool are probably also from that adversary. This is one of the reasons that state-level attackers often leak vulnerabilities, so that when they use them themselves, they can’t retroactively be outed.)