Reuters: Russian defense Ministry gained access to the cyber defense system of the Pentagon
The Ministry of defense of Russia have studied the code of the system ArcSight, which is the basis of cybersecurity, most us army units. This was reported by Reuters. According to the Agency, access to the Ministry to the system provided its sponsor, Hewlett Packard Enterprise (HPE).
Sources told the Agency that the source code is carefully guarded HP ArcSight. Moscow, however, got access to the code during the system certification for sale to the Russian public sector.
The developers ArcSight and American intelligence officials told Reuters that, after examining the code, the Russian side could find vulnerabilities in software. At the same time discovered vulnerability can help hackers to hide a cyber attack from the us military.
“This is a huge vulnerability in security. You definitely provide internal access and a potential tool for the invasion of the enemy”, — told the Agency former developer security ArcSight Greg Martin.
As explained by sources to Reuters, Russia is studying the system ArcSight engaged in related to the Russian military industry company “Echelon”, which specializiruetsya on information security and data protection. “Echelon” has received a request for inspection of the code system from the Federal service for technical and export control (FSTEC), said the sources.
President and owner of a controlling stake in “Echelon” Alexey Markov told Reuters that the company is obliged to notify the Russian authorities about the presence of the discovered vulnerabilities. However, he said that before report the problem to the authorities, they have notified the developer of the system — HPE. After receiving her permission to transfer data of the vulnerability was informed of the Russian government.
FSTEC has confirmed the words of Markov, saying in a statement that workers of the Russian laboratories will immediately notify manufacturers about the vulnerabilities and only then send the report in the government “Bank data security threat information.”