Hackers Execute Sophisticated Strike On Government Cybersecurity Contractor Bit9

Aliya Sternstein | Nextgov | February 11, 2013

Unprotected computers at a cybersecurity contractor that services the Defense Information Systems Agency and many other federal agencies were compromised in a way that enabled the company's product to run viruses on customer networks.

The incident echoes a 2011 hack job at security vendor RSA where outsiders stole the contractor's proprietary login technology to gain access to RSA-protected defense companies’ networks. This time, the target was Bit9, a firm specializing in so-called application whitelisting, which is intended to allow only those software programs listed as safe to operate. Reporter Brian Krebs of the blog Krebs on Security broke the news of the breach Friday afternoon.

DISA, the departments of Justice and Commerce, Immigration and Customs Enforcement (an arm of the Homeland Security Department), the National Transportation Safety Board, Centers for Disease Control and Prevention,  and General Services Administration recently acquired Bit9 tools, according to contract records, agency reports, and government spending databases reviewed by Nextgov...