Anti-Hacking Company Hacked – And No, This Isn’t An Onion Headline

Ghost Protocol, the fourth movie in the popular Mission impossible series, involves hacking, password decoding, cryptocracy and network hijacking action for thriller and SciFi fans.

Operative Ethan Hunt is blamed for a terrorist attack and is forced to go off the grid and team up with other fugitive operatives to prove their innocence. Unfortunately, cyber espionage and hacking are not only happening in movies.

FireEye, one of the world’s largest cybersecurity firms, became the latest victim of hacking.  You heard that right, a cybersecurity firm was hacked!  And it seems like the perpetrators went on a sophisticated hacking spree for some time. FireEye’s systems are used by hundreds of thousands of institutions globally, including most Fortune 500 companies and multiple U.S federal agencies which are now scrambling to patch up their networks.

How did this attack come about?

After examining 50,000 lines of code of Solar Winds Corp, one of FireEye’s software vendor, a vulnerability was discovered, which the hackers took advantage of to gain access into the system. The stolen data contains the internal, custom-crafted penetration testing tools used by the company to imitate different threat actors during customer security consultations. In other words, FireEye’s “test” hack tools were stolen, and the perpetrators effectively hacked the company’s hacking ability.

There is a saying in the industry that there are only two types of companies – those that have been breached and those who do not know they have been breached. FireEye has taken the right steps by updating the public regularly and working with law enforcement, intelligence community and security partners. The company has not explicitly indicated the party responsible but indicated “top-tier offensive capabilities” of the attackers.

This is a serious data breach that highlights the level of sophistication from some of these rogue players. The good news is that following the hacking of its tools, FireEye has released a set of more than 300 countermeasures and patches to mitigate the exposed vulnerabilities. This incident also demonstrates how even the most sophisticated cybersecurity companies are vulnerable to cyber-attacks.

you To continue fighting cybercrime it is key for the security industry to collaborate and step up their efforts to protect our cyberspace. The threats are growing and always evolving. As Ginny Rometty, Executive Chairman of IBM said: “Cybercrime is the greatest threat to every company in the world.” From an individual perspective, please be careful about emailing sensitive information, giving out personal information, and be on the lookout for hackers, because they are everywhere.

Important Disclosure: This email is limited to the dissemination of information pertaining to Withum Wealth Management (“Withum Wealth”) and general economic market conditions. Nothing contained herein should be construed as personalized advice, or an offer or solicitation to buy or sell any securities. Past performance is not indicative of future results, and there is no guarantee that the views and opinions expressed in this commentary will come to pass. Withum Wealth is neither a law firm nor an accounting firm, and no portion of this commentary should be construed as legal or tax advice. You are advised to consult with separate legal or tax advisors with respect to any legal or tax advice. Withum Wealth does not make any representations or warranties as to the accuracy, timeliness, suitability, completeness, or relevance of any information prepared by any unaffiliated third party, whether linked to WWM’s web site or blog or incorporated herein, and takes no responsibility for any such content. All such information is provided solely for convenience purposes only and all users thereof should be guided accordingly. Withum Wealth is an investment adviser registered with the SEC. For information pertaining to the registration status of Withum Wealth, please refer to the Investment Adviser Public Disclosure website ( For additional information about Withum Wealth, including fees and services, send for our written disclosure statement as set forth on Form ADV Part 2A.