Technology solutions firm Hewlett Packard Enterprise Co. (HPE) allowed a Russian defense agency to scrutinize its ArcSight software used by the Pentagon, Reuters reported.
The U.S. military uses the cyber defense software to safeguard its computer networks and alert analysts when computer systems may come under attack. The software is also widely used by private sector companies.
Russian regulatory filings show HPE allowed a Russian defense agency called Echelon to comb through the software’s source code and inner workings so HPE could win approval from regulators to sell ArcSight to public sector firms in the country last year. The review could help Moscow find weaknesses in ArcSight and give Russian attackers the element of surprise in any attempt to hack military computer networks.
“It’s a huge security vulnerability,” former ArcSight security architect Greg Martin said. “You are definitely giving inner access and potential exploits to an adversary.”
Echelon president Alexey Markov said he was required to send information about any weaknesses his firm found in the ArcSight source code to the Russian government, but only after he had reported the weaknesses to HPE and gained permission from the company to disclose vulnerabilities.