Hackers breached security firm Bit9, then attacked its customers

Advertisement
By Reuters | Updated: 11 February 2013 19:53 IST
Security software maker Bit9 on Friday said that computer hackers have breached its network, then launched a second round of attacks against some of its customers.

The hackers accessed a system that Bit9 said it uses to digitally sign its software to let customers know it is safe to run on their computers. The hackers then forged Bit9's digital signature on malicious software, which they used to attack some of its customers, according to the privately held company.

Bit9 said in a blog post on Friday that it believed the hackers were able to access one of its internal systems because the company had failed to properly install its own software throughout its network.

Advertisement

Bit9, which has about a 1,000 customers including U.S. government agencies and major defense, energy and financial companies, is one of the leading providers of security technology known as "white listing."

Unlike traditional anti-virus software, which seeks to block malicious programs, white listing looks to protect systems from attack by only allowing computers to run programs from trusted vendors.

Advertisement

"Due to an operational oversight within Bit9, we failed to install our own product on a handful of computers within our network," Chief Executive Patrick Morley wrote on Bit9's blog. "As a result, a malicious third party was able to illegally gain temporary access to one of our digital code-signing certificates that they then used to illegitimately sign malware."

After discovering the breach, Bit9 said it identified three customers who were attacked with malicious software that was digitally signed with falsified credentials.

Advertisement

A Bit9 spokesman declined to identify the victims, describe the capabilities of the malicious software used in the attacks or say if the hackers had succeeded in harming its clients.

It is not the first time that hackers have breached a security firm as part of a sophisticated scheme to access data at one of their customers.

Advertisement

EMC Corp's RSA Security division disclosed that it was breached in 2011. Two months later hackers used information stolen about RSA's SecurID system to launch attacks against Lockheed Martin Corp.

Bit9's website said its customers include the U.S. military, intelligence agencies, five of the top 10 aerospace and defense companies in the Fortune 500, six of the top 10 petroleum refineries and three of the top 10 banks.

The company raised $35 million in funding in July from a group of investors led by Sequoia Capital. Other investors include Atlas Venture, Highland Capital Partners, Kleiner Perkins Caufield & Byers and .406 Ventures.

© Thomson Reuters 2013

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement
Popular Mobile Brands
  1. How to Watch the FIFA World Cup 2026 Final Live Stream in India
  2. Airtel Unlimited 5G Data Subscribers Reportedly Cannot Share 5G Data via Mobile Hotspot
  3. Redmi Note 17 Pro Global Variant Appears on NBD Database Alongside Poco Model
  4. Airtel Revises Postpaid Portfolio, Removes Rs. 549 Individual Plan
  5. Oppo K15 Launch Date Confirmed; Key Specifications Revealed Ahead of Debut
  6. Tecno Camon 50 Ultra 5G With a 6,500mAh Battery Debuts in India: See Price
  1. Redmi Note 17 Pro Global Variant Reportedly Appears on NBD Database Alongside Poco Model
  2. Google Pixel 11a Codename Reportedly Spotted in Phone App
  3. Huawei Mate XT 2 Leaked Patent Reveals New Tri-Fold Design and Folding Mechanism
  4. Airtel Unlimited 5G Data Subscribers Reportedly Cannot Share 5G Data via Mobile Hotspot: Here's What We Know So Far
  5. Lenovo Legion C700 Teased as a Cloud Gaming Handheld Ahead of August Launch
  6. Marvel's Wolverine Gets New Trailer That Will Play Ahead of Christopher Nolan's The Odyssey in Select Theatres
  7. Airtel Quietly Removes Rs. 549 Individual Postpaid Plan in India; Rs. 699 Plan Becomes Next Upgrade
  8. Poco M8 Power, Poco X8 India Launch Timeline Tipped; Could Arrive as Rebranded Redmi Note 17 Series
  9. Samsung Galaxy S25 Series Could Get Galaxy S26’s Horizontal Lock Camera Feature With One UI 9 Update
  10. Asus Pad India Launch Date Announced as Company Reveals Key Specifications
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.