  • Russia was behind the FireEye hack, two European security officials (one inside NATO) confirmed to Insider.
  • Russia got pretty much everything it needed from the raid, our sources say.
  • “Useful stuff to the GRU and FSB or just about anyone really,” said the official at NATO.

  • “The real loss here — other than brutal embarrassment — is the value the Russian hackers gained by seeing inside the best tools used to counter them. Software can be patched but knowledge cannot,” said one source.

The recent hack of high-profile Internet security firm FireEye included the theft of legitimately dangerous hacking tools and has required a concentrated effort by European government services to mitigate damage, according to security officials in Brussels and the Baltics who specialize in counter-intelligence operations.


First announced in a blog post by FireEye founder Kevin Mandia, the hack was described as very sophisticated and was quickly blamed on Russia by US officials briefing journalists in the United States.

Two European intelligence officials – one who specializes in countering Russian intelligence operations in the Baltics, the other a military intelligence officer assigned to NATO headquarters – confirmed to Insider that the US had determined Russia was behind the hack and had briefed US allies in Europe prior to Tuesday’s announcement. Neither source would confirm when the first briefing took place because such information could be of value to the hackers but both said the operation was impressive.


“Frustratingly well done,” said the official in Brussels. “Targeted the very tools used to protect sites from their attacks. And stealing them from a firm considered among the very best at stopping attacks just adds to it.”


Mandia’s blog post described some of the tools apparently captured by Russian government hackers as designed for testing website security by impersonating attacks.


"Useful stuff to the GRU and FSB or just about anyone really," said the official at NATO.


Both officials said that fast action on the part of the US and FireEye itself had helped mitigate at least some of the negative effects of the leak. 


"The response has included patches, updates and notes, it was fast, honest and clear, as far as these things tend to go," said the Baltic official. "I believe the immediate threat of someone using these tools on highly controlled websites has been mostly mitigated."



The longer-term danger, according to the officials, is that even after the most secure government and technology sites are protected by patches, the stolen tools will pose threats to less secure sites and organizations for much longer.


"Over time these tools can get into the hands of less professional hackers who will direct them at much less secure sites," said the NATO official. "And this will be a drain on resources but it does seem like all the software solutions to try and prevent this should help. It remains to be seen how this threat will evolve."


In many ways, said the Baltic official, the biggest win for the Russian hackers would be having had access to the files of their enemies, which would provide a benefit long after the stolen software tools have been patched into irrelevance. "The real loss here - other than brutal embarrassment - is the value the Russian hackers gained by seeing inside the best tools used to counter them. Software can be patched but knowledge cannot," said the official.


Read the original article on Business Insider