Russia hack on FireEye gave them everything they needed

  • Two European security officials discussed the recent hack of the high-profile internet-security firm FireEye, with one telling Insider it was “frustratingly well done.”
  • The sources said the US had briefed its allies in Europe about the hack and determined Russia to be the culprit.
  • One source, a NATO official, described the information obtained in the hack as “useful stuff to the GRU and FSB or just about anyone really.”
  • “The real loss here — other than brutal embarrassment — is the value the Russian hackers gained by seeing inside the best tools used to counter them. Software can be patched, but knowledge cannot,” the NATO official said.
  • Visit Business Insider’s homepage for more stories.

The recent hack of the high-profile internet-security firm FireEye included the theft of powerful hacking tools and has required a concentrated effort by European government services to mitigate damage, according to security officials in Brussels and the Baltics who specialize in counterintelligence operations.

First announced in a blog post by FireEye CEO Kevin Mandia, the hack was described as very sophisticated and was quickly blamed on Russia by US officials briefing journalists in the US.

Two European intelligence officials — one who specializes in countering Russian intelligence operations in the Baltics, the other a military-intelligence officer assigned to NATO headquarters — told Insider the US had determined Russia was behind the hack and had briefed US allies in Europe before Tuesday’s announcement. Neither source would confirm when the first briefing took place because such information could be of value to the hackers, but both said the operation was impressive.

“Frustratingly well done,” the official in Brussels said. “Targeted the very tools used to protect sites from their attacks. And stealing them from a firm considered among the very best at stopping attacks just adds to it.”

Mandia’s blog post described some of the tools apparently captured by Russian government hackers as designed for testing website security by impersonating attacks.

“Useful stuff to the GRU and FSB or just about anyone really,” the official at…