Pentagon’s Security Software Source Codes Provided to Russian Defense Agency
Wait, what?! Yes, it is true. Hewlett Packard Enterprise (HPE) allowed a Russian defense agency to dissect the source code of the security software used by the U.S. military. The HPE program, called ArcSight, alerts analysts when there are concerns that computer systems are under attack. ArcSight is also used throughout the private sector. So why would HPE do this? According to Newsweek, it was in an effort to become certified to sell ArcSight to Russia’s public sector.
Providing the source code to the Russian defense agency led to major security concerns for other organizations using ArcSight. Allowing a third party to dissect the core of the program could expose unknown vulnerabilities, which in turn could be used maliciously. Newsweek reported,
“Exploiting vulnerabilities found in ArcSight’s source code could render it incapable of detecting that the military’s network was under attack, said Allen Pomeroy, a former ArcSight employee who helped customers build their cyber defense systems.”
Pomeroy went on to state,
“A response to the attack would then be frankly impossible.”
It is rather shocking HPE would provide such valuable information to the Russians when they are a known U.S. adversary. Alan Paller, the founder of the SANS Institute, reported he did not find HPE’s decision surprising, considering source code disclosure is required to conduct business in Russia.
HPE has already found quite the customer base. Russian government reports show ArcSight is being used by several state firms and companies with close ties to the Kremlin.