Russia got access to security suite used by Pentagon
HP Enterprise has given a Russian company acting on behalf of Moscow access to the source code of ArcSight. Several large companies, banks and government agencies use ArcSight, including the Pentagon.
The source code of ArcSight was inspected last year by Echelon, a Russian company that worked for the Russian Federal Service for Technical and Export Control, which, among other things, plays a role in ensuring state security. According to Reuters, which reported on the inspection, Echelon also has ties to the Russian military service.
Reuters spoke to former ArcSight employees, ex-US intelligence officials and security experts who said the source code review may provide the Russian government with knowledge of vulnerabilities. Echelon reports that it is obliged to report vulnerabilities it finds to Moscow, but that it first informs the company itself of any deficiencies in the software.
ArcSight collects and analyzes log data from security tools, operating systems, applications and other sources to reveal attacks and other malicious activity. Several large companies, banks and other institutions use ArcSight. According to Reuters, the Pentagon also uses the software, which is what makes the access to the source code significant. The US accuses Russia of conducting hacking activities against the country. Washington has now banned the use of Kaspersky for government agencies due to concerns about ties with the Russian government. Kaspersky, originally a Russian company, has offered to provide access to the source code of its security suite, but as far as we know, the US has not accepted this.
According to HPE, access to the source code has been granted in order to obtain certificates necessary to supply the products to the Russian public sector. HPE states that access was only provided under supervision, at a location outside of Russia. Earlier it was revealed that IBM, Cisco and SAP had made certain source code available to the Russian government.
Update, Wednesday, 15.00: The article now emphasizes the importance of the Pentagon's use of the software and the tensions between the US and Russia.