Arrest Made In FireEye Corporate Network Hacking Attempt


Printer-friendly version Email this CRN article

The person who attacked the personal online accounts of a FireEye employee several months ago was arrested and taken into custody Thursday by international law enforcement, FireEye said Thursday.

The Milpitas, Calif.-based company worked with law enforcement and spent hundreds of hours investigating a hacker's July claim that he had breached FireEye's corporate network, according to CEO Kevin Mandia. But these attackers rarely, if ever, get caught, Mandia said.  

"Over my career, I have found it frustrating how little risk or repercussions exist for the attackers, who hide behind the anonymity of the internet to cause harm to good, well-intentioned people," Mandia told Wall Street analysts Wednesday. "Therefore, I am pleased that, in this case, we were able to impose repercussions for the attacker and achieve a small victory for the good guys."

[Related: FireEye Mandiant Analyst Reportedly Hacked, Attackers Claim Further Leaks Possible]

FireEye announced in August that the hacker didn't breach, compromise or access the company's corporate network, despite multiple failed attempts to do so. Instead, the attacker used credentials for the victim's social media and email accounts exposed in publicly-disclosed third-party breaches to access the employee's personal online accounts.

The attacker publicly released three FireEye corporate documents obtained from the victim's personal online accounts, according to an Aug. 7 blog post from FireEye Chief Security Officer Steven Booth. Two customer names were identified in the employee's personal email and disclosed by the hacker.  

Customers or prospects concerned about the attack were able to sit down with Mandia or FireEye's CISO and talk through what happened, according to CFO and Chief Accounting Officer Frank Verdecanna. Although it took some time to get through those discussions, Verdecanna told CRN that he doesn't believe the incident had a significantly negative impact on FireEye's performance in the quarter.

At the same time, though, Mandia told CRN that FireEye had to sink a "tremendous" amount of time and effort into investigating the hacker's claims. That efforts a lot of direct, real costs on the company, according to Mandia.

"I don't want to underestimate the unfairness of the situation of an anonymous person making false claims," Mandia told CRN. "You have to prove the negative, which is really annoying."       

All told, Verdecanna said the negative impact of the attack was primarily centered around the time it took FireEye to get to the bottom of what happened and convincing customers that the company wasn't breached.  

"Had we been breached, that would have been a whole different ballgame," Verdecanna told CRN. "The fact is that we were able to prove that we weren't breached."

Printer-friendly version Email this CRN article