HPE has come under fire after reports claimed the company gave Russian defence forces access to review software it sold to the Pentagon to supposedly protect the agency's networks.
According to regulatory records seen by Reuters, HPE gave Russian defence agencies access to its ArcSight software as part of a bid to gain the certification needed to sell its software to the Russian public sector.
The site quoted several former US military sources and former ArcSight employees as saying that this view into the internal workings of the software's source code could help Russia detect potential weak spots in Pentagon cyber-defences that could be targeted in future attacks.
HPE told Reuters that no “backdoor vulnerabilities” were uncovered in the Russian review, but declined to provide further details. A company spokesperson did add that neither its source code nor any of its products had been compromised.
The review reportedly took place last year as American suspicions of Russian cyber-espionage were reaching a significant high, following claims of attacks against US government agencies and even potential hacks on the 2016 Presidential election.
Greg Martin, a former security architect for ArcSight, told Reuters that the review constituted “a huge security vulnerability”, adding, “You are definitely giving inner access and potential exploits to an adversary.”
The review was completed on behalf of Russia’s Federal Service for Technical and Export Control (FSTEC), a defence agency tasked with countering cyber espionage, and was carried out by a company named Echelon, which is known to have close ties to the Russian military. Russia has also held long-term suspicions that US forces are attempting to carry out surveillance using computer software, but the FSTEC review apparently found no issues to report.