Hackers hijack Bit9 to target its customers with malware

Hackers have breached the security company Bit9 and accessed its code-signing certificates, enabling intruders to digitally sign malware to appear as legitimate files, the vendor announced Friday.

Bit9, based in Waltham, Mass., is a provider of technology that enables its approximately 1,000 global customers, which includes Fortune 500 companies and government agencies, to create a "whitelist" of approved software, while everything else is blocked. The solution typically is viewed as an alternative to traditional anti-virus.

But, according to a blog post Friday from Bit9 CEO Patrick Morley, miscreants were able to turn Bit9's secret sauce against them by getting a hold of the vendor's digital signatures and then delivering malware to a handful of customers that appeared to be on their trusted list of software. Security blogger Brian Krebs was the first to report the story.

In other words, the hackers' goal was to compromise Bit9 so they could then break into the ultimate target organization's network without being detected.

Three unnamed customers were affected, Morley said. As a result of the breach, Bit9 has revoked the compromised certificate, secured its systems and updated its product so that it will detect a similar misuse in the future.

Morley blamed the breach on an operational breakdown.

"Due to an operational oversight within Bit9, we failed to install our own product on a handful of computers within our network," the post said. "As a result, a malicious third-party was able to illegally gain temporary access to one of our digital code-signing certificates that they then used to illegitimately sign malware.

It's unclear how the intruders initially gained access to Bit9 systems.

"We simply did not follow the best practices we recommend to our customers by making certain our product was on all physical and virtual machines within Bit9," Morley wrote.