RSA-like sophisticated attack strikes another security contractor

Defense Industrial Base // Energy // Financial Services // Government (U.S.) // Government Contractor // Social Media // Web Services // Other Critical Infrastructure

Bit9, a security firm that services the U.S. government and major corporations, has "suffered an electronic compromise that cuts to the core of its business: helping clients distinguish known 'safe' files from computer viruses and other malicious software." The "whitelisting" services that Bit9 provides help organizations develop custom lists of software that they want to allow employees to run, and to treat all other applications as potentially unknown and dangerous. Bit9 received reports from at least three customers of malware "that was digitally signed by Bit9's own encryption keys... The upshot of the intrusion is that with a whitelist policy applied to a machine, that machine will blindly trust and run anything signed by Bit9." The company said attackers managed to compromise some of Bit9's systems that were not protected by the company's own software. Once inside, the firm said, attackers were able to steal Bit9's secret code-signing certificates. https://blog.bit9.com/2013/02/08/bit9-and-our-customers-security/
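As an added illustration (hypothetical code, not Bit9's product or anything from the original post) of why a stolen code-signing key defeats a whitelist that trusts a signer, and of one defensive adjustment: a `Policy` that also honours a signer revocation list and an explicit file-hash allowlist, so a valid signature from the vendor key alone no longer grants execution. ECDSA over SHA-256 stands in for the vendor's certificate-based signing; all inputs are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
)

// Signed is a file, an ECDSA signature over its SHA-256 hash, and the signer's
// public key (stand-in for the embedded code-signing certificate).
type Signed struct {
	Content []byte
	Sig     []byte
	Signer  *ecdsa.PublicKey
}

// Sign produces a signed file; whoever holds priv (including a thief) can call it.
func Sign(priv *ecdsa.PrivateKey, content []byte) (Signed, error) {
	h := sha256.Sum256(content)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, h[:])
	return Signed{content, sig, &priv.PublicKey}, err
}

// Policy maps are keyed by hex SHA-256 digests (of the compressed public key, or of file bytes).
type Policy struct {
	TrustedSigners map[string]bool
	RevokedSigners map[string]bool
	AllowedHashes  map[string]bool
}

// KeyID derives a stable identifier for a signer key.
func KeyID(pub *ecdsa.PublicKey) string {
	h := sha256.Sum256(elliptic.MarshalCompressed(pub.Curve, pub.X, pub.Y))
	return hex.EncodeToString(h[:])
}

// NaiveAllow is the policy the article describes: anything validly signed by a trusted key runs.
func NaiveAllow(p Policy, f Signed) bool {
	h := sha256.Sum256(f.Content)
	return p.TrustedSigners[KeyID(f.Signer)] && ecdsa.VerifyASN1(f.Signer, h[:], f.Sig)
}

// HardenedAllow keeps the signature check but rejects revoked signers and
// requires the file hash itself to be allowlisted, so a stolen key is not enough.
func HardenedAllow(p Policy, f Signed) bool {
	id, h := KeyID(f.Signer), sha256.Sum256(f.Content)
	if p.RevokedSigners[id] || !p.TrustedSigners[id] || !ecdsa.VerifyASN1(f.Signer, h[:], f.Sig) {
		return false
	}
	return p.AllowedHashes[hex.EncodeToString(h[:])]
}
```

Once the compromised key is added to `RevokedSigners`, even the previously legitimate binary stops being trusted until it is re-signed, which is the operational cost of a key compromise that the article's "blindly trust" scenario implies.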