Russia got access to the files of its enemies in the FireEye hack

Mitch Prothero
·3 min read
putin
Russian President Vladimir Putin. Alexei Druzhinin/TASS via Getty
  • Two European security officials discussed the recent hack of the high-profile internet-security firm FireEye, with one telling Insider it was "frustratingly well done."

  • The sources said the US had briefed its allies in Europe about the hack and determined Russia to be the culprit.

  • One source, a NATO official, described the information obtained in the hack as "useful stuff to the GRU and FSB or just about anyone really."

  • "The real loss here — other than brutal embarrassment — is the value the Russian hackers gained by seeing inside the best tools used to counter them. Software can be patched, but knowledge cannot," the NATO official said.

  • Visit Business Insider's homepage for more stories.

The recent hack of the high-profile internet-security firm FireEye included the theft of powerful hacking tools and has required a concentrated effort by European government services to mitigate damage, according to security officials in Brussels and the Baltics who specialize in counterintelligence operations.

First announced in a blog post by FireEye CEO Kevin Mandia, the hack was described as very sophisticated and was quickly blamed on Russia by US officials briefing journalists in the US.

Two European intelligence officials - one who specializes in countering Russian intelligence operations in the Baltics, the other a military-intelligence officer assigned to NATO headquarters - told Insider the US had determined Russia was behind the hack and had briefed US allies in Europe before Tuesday's announcement. Neither source would confirm when the first briefing took place because such information could be of value to the hackers, but both said the operation was impressive.

"Frustratingly well done," the official in Brussels said. "Targeted the very tools used to protect sites from their attacks. And stealing them from a firm considered among the very best at stopping attacks just adds to it."

Mandia's blog post described some of the tools apparently captured by Russian government hackers as designed for testing website security by impersonating attacks.

"Useful stuff to the GRU and FSB or just about anyone really," the official at NATO said.

Both officials said fast action on the part of the US and FireEye had helped mitigate at least some of the negative effects of the leak. 

"The response has included patches, updates, and notes - it was fast, honest, and clear, as far as these things tend to go," the Baltic official said. "I believe the immediate threat of someone using these tools on highly controlled websites has been mostly mitigated."

The biggest win for the Russians would be access to the files of their adversaries, which would provide a benefit long after the stolen tools are patched into irrelevance

The longer-term dangers, the officials said, are concerns that even after the most secure government and technology sites are protected by patches, the stolen tools will pose threats to less secure sites and organizations for much longer.

"Over time these tools can get into the hands of less professional hackers who will direct them at much less secure sites," the NATO official said. "And this will be a drain on resources, but it does seem like all the software solutions to try and prevent this should help. It remains to be seen how this threat will evolve."

In many ways, the Baltic official said, the biggest win for the Russian hackers would be having had access to the files of their enemies, which would provide a benefit long after the stolen software tools were patched into irrelevance.

"The real loss here - other than brutal embarrassment - is the value the Russian hackers gained by seeing inside the best tools used to counter them," the official said. "Software can be patched, but knowledge cannot."

 

Read the original article on Business Insider