SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
FireEye data leaks continue - or are the hackers just trolling?
Tue, 15th Aug 2017
FYI, this story is more than a year old

Hackers have released another batch of information supposedly belonging to cybersecurity firm FireEye, two weeks after they were able to compromise a FireEye researcher's social media accounts.

According to reports, the hackers published another PasteBin dump, which accuses FireEye of a coverup.

“Well we were waiting FireEye for a public comment and FireEye lied again, and they lied in cost of their customers. They did a mistake. They knew we had access to JIRA, Their IDF workshop wasn't a part of Adi Peretz's job. They knew Adi Peretz wasn't working on Bank Hapoalim," The PasteBin dump says.

"They said our documents was "public", are license files, private contract documents, private IDF workshops and internal network topologies public? If they weren't public why did you removed our files and from public file hosting? Why did you removed our first Pastebin message? They knew the truth and they're hiding it from their customers and the public,” it continues.

The data dumps apparently contain Cisco licences, Illusive's confidential report, a ClearSky document and more – but Twitter reports suggest there isn't much to the files.

The hackers have also taken to using hashtags on social media, under the name #leaktheanalyst. Debate has surfaced about the legitimacy of the files and whether the hackers are simply on a trolling mission.

Last week FireEye's Steven Booth posted a blog in which he states FireEye's networks were not breached, although that wasn't for lack of trying.

The researcher, a Mandiant employee who was hacked, however, had in fact been a victim of other third party breaches, including the LinkedIn breach that happened last year.

The hackers didn't get access to the victim's personal or corporate computers, although Booth says the attacker did release three corporate FireEye documents using information from the victim's corporate online accounts.

“All of the other documents released by the attacker were previously publicly available or were screen captures created by the attacker. A number of the screen captures created by the Attacker and posted online are misleading, and seem intentionally so. They falsely implied successful access to our corporate network, despite the fact that we identified only failed login attempts from the attacker,” Booth says.

Booth says that after the breach was discovered, FireEye contacted the victim and identified customers named in the breach, disabled the victim's corporate accounts and send a message to all employees to be vigilant about their personal accounts.

“We understand the trust our customers place in FireEye, and we will continue to do all we can to earn and keep that trust. We will also engage with law enforcement and intelligence agencies as appropriate, as we routinely do to identify and prosecute cyber criminals. We thank you for your support during this ongoing investigation,” Booth says in the blog.