Story image

FireEye data leaks continue - or are the hackers just trolling?

15 Aug 17

Hackers have released another batch of information supposedly belonging to cybersecurity firm FireEye, two weeks after they were able to compromise a FireEye researcher’s social media accounts.

According to reports, the hackers published another PasteBin dump, which accuses FireEye of a coverup.

“Well we were waiting FireEye for a public comment and FireEye lied again, and they lied in cost of their customers. They did a mistake. They knew we had access to JIRA, Their IDF workshop wasn't a part of Adi Peretz's job. They knew Adi Peretz wasn't working on Bank Hapoalim," The PasteBin dump says.

"They said our documents was "public", are license files, private contract documents, private IDF workshops and internal network topologies public? If they weren't public why did you removed our files and from public file hosting? Why did you removed our first Pastebin message? They knew the truth and they're hiding it from their customers and the public,” it continues.

The data dumps apparently contain Cisco licences, Illusive’s confidential report, a ClearSky document and more – but Twitter reports suggest there isn’t much to the files.

The hackers have also taken to using hashtags on social media, under the name #leaktheanalyst. Debate has surfaced about the legitimacy of the files and whether the hackers are simply on a trolling mission.

Last week FireEye’s Steven Booth posted a blog in which he states FireEye’s networks were not breached, although that wasn’t for lack of trying.

The researcher, a Mandiant employee who was hacked, however, had in fact been a victim of other third party breaches, including the LinkedIn breach that happened last year.

The hackers didn’t get access to the victim’s personal or corporate computers, although Booth says the attacker did release three corporate FireEye documents using information from the victim’s corporate online accounts.

“All of the other documents released by the attacker were previously publicly available or were screen captures created by the attacker. A number of the screen captures created by the Attacker and posted online are misleading, and seem intentionally so. They falsely implied successful access to our corporate network, despite the fact that we identified only failed login attempts from the attacker,” Booth says.

Booth says that after the breach was discovered, FireEye contacted the victim and identified customers named in the breach, disabled the victim’s corporate accounts and send a message to all employees to be vigilant about their personal accounts.

“We understand the trust our customers place in FireEye, and we will continue to do all we can to earn and keep that trust. We will also engage with law enforcement and intelligence agencies as appropriate, as we routinely do to identify and prosecute cyber criminals. We thank you for your support during this ongoing investigation,” Booth says in the blog.

SonicWall secures hybrid clouds by simplifying firewall deployment
Once new products are brought online in remote locations, administrators can manage local and distributed networks.
What MSPs can learn from Datto’s Channel Ransomware Report
While there have been less high profile attacks making the headlines, the frequency of attacks is, in fact, increasing.
Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
Kiwis losing $24.7mil to scam calls every year
The losses are almost five times higher compared to the same period last year, from reported losses alone.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why Australian enterprises are prime targets for malware attacks
"Only 14% of Australian organisations are continuously training employees to spot cyber attacks."
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”