According to a Reuters report, Russian cybersecurity experts were granted access to the source code of Pentagon’s security software by its maker, Hewlett Packard Enterprise.
HPE thought that it is safe to send the code of ArcSight for review to a Russia-based defense agency. ArcSight is used by HPE and the Pentagon to boost the security of their networks.
Reuters learned about the mishap from multiple sources “with direct knowledge of the situation” and Russian public records. The news organization found that the Russian government has the key to ArcSight, a cyber defense system the U.S. military is using.
The source code was given to Russian experts for review in an effort from HPE to obtain the license to sell the product in Russia.
The Russians’ findings following the review have not been reported, and Reuters seems to have more info on the issue than U.S. authorities. HPE confirmed that the code was submitted for review but added that the review is done under the software maker’s strict supervision which means that the code wasn’t compromised.
Cyber Defense System Probably Compromised
U.S. experts, on the other hand, think the software may have already been compromised. The Russians could exploit weaknesses in the software and prepare a stealthy cyber-attack on the Pentagon.
Greg Martin who worked on ArcSight, told Reuters that the software now has a “huge security vulnerability”. In other words, a rival state has just been granted inner access to the software and potential exploits.
ArcSight detects intrusions in computer systems and potential hacking. The system informs analysts of any potential breaches or suspicious activity within the network. If one knows the software’s source code they can bypass its defenses and hack a network without being detected. However, breaking into a Pentagon network is easier said than done in the real world.
Image Source: Wikimedia