According to the sources, Russia received access to ArcSight’s source code. The developer of the software, Hewlett Packard Enterprise, is trying to win the certification required to sell the product to Russia’s public sector, which is why the company let Russia study the code.
Reuters says that the review was carried out by Russian company Eshelon, which has close ties with Russian military. The President of the company told the media that he is required to report any vulnerabilities his team discovers in the software to the Russian government, after obtaining the developer’s permission.
Experts say that Moscow might find weak spots of the software, which could enable hackers to blind the US military to a cyber-attack.
“It’s a huge security vulnerability,” said Greg Martin, a former security architect for ArcSight. ”You are definitely giving inner access and potential exploits to an adversary.”
The issue is bringing up concern, as Russia is suspected pf meddling in the latest US presidential election, and possible links of current president, Donald Trump with the Kremlin. Trump himself repeatedly called such charges a witch hunt.