Security software maker Bit9 said that computer hackers have
breached its network, then launched a second round of attacks against
some of its customers.
The hackers accessed a system that Bit9 uses to digitally sign its software, the mechanism by which customers' computers recognise Bit9 programs as trusted and safe to run. With access to that code-signing certificate, the hackers signed malicious software so that it carried a valid Bit9 signature, then used it to attack some of its customers, according to the privately held company.
Bit9 said in a blog post that it believed the hackers were able to access one of its internal systems because the company had failed to deploy its own whitelisting product on every machine in its network.
Bit9, which has about 1,000 customers including US government agencies and major defense, energy and financial companies, is one of the leading providers of a security technology known as application "whitelisting."
Unlike traditional anti-virus software, which tries to recognise and block known malicious programs, whitelisting protects systems by allowing computers to run only programs that have been approved in advance, typically those that carry the digital signature of a trusted vendor. A stolen signing certificate undermines that model: software signed with it is indistinguishable, to the whitelist, from the vendor's own.
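To make the failure mode concrete, the following is an added illustration (not Bit9's product or code) of a signature-based allowlist and what happens when the signer's private key is stolen. It uses a deliberately toy RSA signature with two fixed Mersenne primes and no padding so that it runs offline with only the Python standard library; the certificate identifier, the sample "files" and the policy structure are all constructed for the example and are not Bit9 identifiers. The policy trusts binaries either by publisher signature or by an explicit file hash, and the incident-response step revokes the compromised certificate while pinning the known-good build by hash.

```python
"""Toy model of signature-based application allowlisting and a stolen
code-signing key. Added illustration, not Bit9's product or code."""
import hashlib

# Toy textbook RSA with two fixed Mersenne primes so the example runs offline
# with only the standard library. A real signer uses 2048-bit+ keys, padding
# (PSS) and a certificate chain; none of that is modelled here.
P, Q = (1 << 31) - 1, (1 << 61) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent; gcd(E, phi) == 1 for these primes


def digest(data: bytes) -> str:
    """SHA-256 hex digest used both for hash pinning and as the signed value."""
    return hashlib.sha256(data).hexdigest()


def sign(data: bytes, d: int = D, n: int = N) -> int:
    """Sign SHA-256(data) with the private exponent (toy RSA, no padding)."""
    return pow(int(digest(data), 16) % n, d, n)


def verify(data: bytes, sig: int, n: int, e: int) -> bool:
    """Check a signature against the signer's public key (n, e)."""
    return pow(sig, e, n) == int(digest(data), 16) % n


# Hypothetical certificate identifier and its public key (assumption, not a real ID).
BIT9_CERT = "bit9-codesign-2013"
TRUSTED_PUBLISHERS = {BIT9_CERT: (N, E)}


class Policy:
    """Allowlist policy: exact-hash approvals first, then trusted publishers."""

    def __init__(self):
        self.allowed_hashes = set()   # exact-file approvals
        self.revoked_certs = set()    # certificates withdrawn after compromise

    def evaluate(self, data: bytes, cert_id: str, sig: int) -> str:
        """Return 'allow:hash', 'allow:publisher' or 'block'."""
        if digest(data) in self.allowed_hashes:
            return "allow:hash"
        key = TRUSTED_PUBLISHERS.get(cert_id)
        if key and cert_id not in self.revoked_certs and verify(data, sig, *key):
            return "allow:publisher"
        return "block"


def demo() -> dict:
    """Walk through the breach scenario; returns each decision by label."""
    # Constructed sample "files": a legitimate agent build and attacker malware.
    agent = b"MZ...bit9 agent build (constructed sample)"
    malware = b"MZ...dropper (constructed sample)"
    policy = Policy()
    results = {}
    results["agent"] = policy.evaluate(agent, BIT9_CERT, sign(agent))
    # Attacker holds the stolen private key: the signature is genuine, so the
    # publisher rule lets the malware run. This is the Bit9 failure mode.
    results["malware_before"] = policy.evaluate(malware, BIT9_CERT, sign(malware))
    # A binary without a valid signature is still blocked.
    results["unsigned"] = policy.evaluate(malware, BIT9_CERT, 12345)
    # Incident response: revoke the compromised certificate and pin the known
    # good build by hash so it keeps running without the revoked certificate.
    policy.revoked_certs.add(BIT9_CERT)
    policy.allowed_hashes.add(digest(agent))
    results["malware_after"] = policy.evaluate(malware, BIT9_CERT, sign(malware))
    results["agent_after"] = policy.evaluate(agent, BIT9_CERT, sign(agent))
    return results


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

The point the example makes is that publisher-based trust is only as strong as the custody of the signing key: the malware's signature verifies correctly, so the allowlist cannot tell it apart from a legitimate build until the certificate is revoked, and revocation in turn breaks every legitimate binary signed with it unless those are re-approved by hash or re-signed with a new key.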
"Due to an operational oversight within Bit9, we failed to install our own product on a handful of computers within our network," Chief Executive Patrick Morley wrote on Bit9's blog. "As a result, a malicious third party was able to illegally gain temporary access to one of our digital code-signing certificates that they then used to illegitimately sign malware."
After discovering the breach, Bit9 said it identified three customers who were attacked with malicious software that had been signed using the stolen certificate.
A Bit9 spokesman declined to identify the victims, describe the capabilities of the malicious software used in the attacks or say whether the hackers had succeeded in harming its clients.
It is not the first time that hackers have breached a security firm as part of a sophisticated scheme to access data at one of its customers.
EMC Corp's RSA Security division disclosed that it was breached in 2011. Two months later, hackers used information stolen about RSA's SecurID authentication tokens to launch attacks against Lockheed Martin Corp.
Bit9's website said its customers include the US military, intelligence agencies, five of the top 10 aerospace and defense companies in the Fortune 500, six of the top 10 petroleum refineries and three of the top 10 banks.
The company raised $35 million in funding in July from a group of investors led by Sequoia Capital. Other investors include Atlas Venture, Highland Capital Partners, Kleiner Perkins Caufield & Byers and .406 Ventures.