Hacked Network Security Company Bit9 Wooed Bank Business

An internet network security company that once wooed bank’s business has been hacked, and was being used by criminals to help spread malicious software, according to the tech blog KrebsOnSecurity.

Bit9 confirmed the news in a blog post — explaining that “due to an operational oversight within Bit9, we failed to install our own product on a handful of computers within our network.

“As a result, a malicious third party was able to illegally gain temporary access to one of our digital code-signing certificates that they then used to illegitimately sign malware.”

From @BrianKrebs:

Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered an electronic compromise that cuts to the core of its business: helping clients distinguish known “safe” files from computer viruses and other malicious software.

At one time, Bit9 boasted financial services clients, such Omgeo, Putnam Investments and Thomson Financial. The company was also one of Bank Technology News magazine’s top 10 companies to watch in 2008.

From a @BankTechNews story, in 2008:

Is it time to get out of the anti-virus arms race? If new security vendor Bit9, Inc. gets its way, banks may soon be able to eliminate virus scans altogether. Instead of trying to track every new virus and piece of malicious codes that appears, the Waltham, MA-based security vendor allows only the good software to run.

Today, the company has an index of over seven billion applications that fall into the “good guy” category. If a user wants to run a new piece of software, it’s checked against this list, and if it’s not on the list, it doesn’t run.

They’re the only vendor that’s produced such a list, says Gartner analyst Peter Firstbrook. And it’s the perfect solution for desktops that are only supposed to run a limited set of software – such as point of sale terminals, he says.

From BTN’s Top 10 Companies to Watch in 2008 listing:


STATUS: Private FOUNDED: 2002 CEO: Patrick Morley

BECAUSE: Unauthorized software is wreaking havoc on organizations, so its enterprise whitelisting of millions of unique applications lets the good guys in, keeps the bad guys out.

PARTNERS: BigFix, McAfee, Kaspersky, Guidance Software

It’s no surprise that the use of unauthorized software has become the bane of CIOs’ existence. For the first time in history, more malware was created in 2007 than in all prior years combined. Whether criminal malware or peer-to-peer products innocently downloaded by employees, unauthorized software is wreaking havoc on organizations. Bit9’s endpoint security is working to change that through its enterprise application whitelisting, which determines what software and devices can operate on desktops and servers without relying on malware signatures or behavioral patterns.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s