Russians Allowed to Dissect Pentagon’s Security Software

Pentagon’s Security Software Source Codes Provided to Russian Defense Agency

Wait, what?! Yes, it is true. Hewlett Packard Enterprise (HPE) allowed a Russian defense agency to dissect the source code of the security software used by the U.S. military. The HPE program, called ArcSight, alerts analysts when there are concerns that computer systems are under attack. ArcSight is also used throughout the private sector. So why would HPE do this? According to Newsweek, it was an effort to become certified to sell ArcSight to Russia’s public sector.

Providing the source code to the Russian defense agency led to major security concerns for other organizations using ArcSight. Allowing a third party to dissect the core of the program could expose unknown vulnerabilities, which in turn could be used maliciously. Newsweek reported,

“Exploiting vulnerabilities found in ArcSight’s source code could render it incapable of detecting that the military’s network was under attack,” said Allen Pomeroy, a former ArcSight employee who helped customers build their cyber defense systems.

Pomeroy went on to state,

“A response to the attack would then be frankly impossible.”

It is rather shocking that HPE would provide such valuable information to the Russians when they are a known U.S. adversary. Alan Paller, the founder of the SANS Institute, reported he did not find HPE’s decision surprising, considering source code disclosure is required to conduct business in Russia.

HPE has already found quite the consumer base. Russian government reports show ArcSight is in use by several state firms and companies with close ties to the Kremlin.

Please note, the PC Matic team will not be able to provide additional details regarding this matter. All of the information we have available to us has been included within this post. However, if you are a PC Matic customer and find yourself in need of software assistance, you may reach out to our support team at https://www.pcmatic.com/help


2 thoughts on “Russians Allowed to Dissect Pentagon’s Security Software”

  1. I’m just a lowly single human with no more worries than my own ccard numbers & my bank accts and NO great wealth in any of them, BUT I am beginning to feel as tho all this digital environment is about to completely floor us all – where do we go when our banks are mainly just digital slots/help-desks, and nobody with any real expertise is in any banks and/or many have no physical offices for you to just go to for help ? Once all these systems are compromised we have lost our financial controls – I remember working in a bank at age 16 in London in 1956, sorting physical checks & watching the cashiers count physical gobs of cash – and nobody left that branch at night unless every single cent was accounted for !!!!! Have we just digitalized ourselves into a horror story ? I am beginning to feel like my mattress may be safer than my bank accounts ! This is why so many are becoming ‘preppers’ – we are all just 1 super hacker away from total disaster !

  2. My question is, since HP is a government contractor it would have to advise the agencies that they are contracted to, to provide such sensitive information. If this is the case, this would breach their NDA disclosure agreement, unless of course those agencies under agreement allowed this to take place?
