Security Experts:

Hacker Falsely Claiming to Breach FireEye Arrested, CEO Says

The hacker who falsely claimed to have breached FireEye -- it was just the personal online accounts of one employee -- was arrested by international law enforcement and taken into custody on October 26, FireEye CEO Kevin Mandia said Wednesday.

"These attackers rarely, if ever get caught and therefore I'm pleased, that in this case we're able to impose repercussions for the attacker and achieve a small victory for the good guys," Mandia said during a conference call.

He did not provide the name for the hacker, nor the location for the arrest. In July 2017, the hacker made grandiose claims that he was part of a new LeakTheAnalyst operation aimed at doxing the security professionals who hunt hackers. "Let's trash their reputation in the field," he posted to Pastebin. In reality, he had little of any value, taken from the online accounts of one FireEye employee.

According to FireEye's CFO Frank Verdecanna, the incident is not thought to have had any significant negative effect on FireEye's financial performance over the last three months, beyond the internal cost and time required to investigate the hacker's claims. "I don't want to underestimate the unfairness of the situation of an anonymous person making false claims," Mandia told CRN. "You have to prove the negative, which is really annoying."       

The hacker's arrest was announced at FireEye's Q3 Earnings Results Conference Call on Wednesday. While Q3 performance was a little better than expected, FireEye is still yet to report a profit since it went public in 2013. During Q3, the net loss attributable to shareholders narrowed to $72.9 million (41 cents per share) from $123.4 million (75 cents per share) a year earlier.

This would indicate that FireEye is moving in the right direction. However, investors were disappointed in the forecasts made for Q4. "For Q4, we're now expecting billings in the range of $210 million to $230 million, and revenue in the range of $190 million to $196 million," announced Verdecanna. He believes that the firm is on track to deliver non-GAAP operating profitability in Q4.

Investors evidently hoped for better. Analysts, on average, were expecting total revenue of about $195.6 million, at the top end of FireEye's forecast, according to Thomson Reuters I/B/E/S. The effect was an immediate tumble in share price on NASDAQ in aftermarket trading (at the time of publishing, it is down 12%).

In publicity terms, it has been a challenging period for FireEye. Apart from the alleged hack and the new tumble in share price, it has been employed to investigate the massive Equifax breach. While this is positive, the firm reportedly removed a case study from its website where Equifax endorsed FireEye for protecting it from zero-day attacks. However, FireEye's technology is typically used to protect against advanced malware attacks that leverage zero-day vulnerabilities in popular operating systems and business applications such as Microsoft Office and Adobe Flash. The Equifax hack was pulled off by leveraging a vulnerability in Apache Struts, which was used by a web application and allowed the attack to happen assumingly without requiring malware to be used.

One positive area for FireEye is strong growth in sales of its new Helix product announced in November 2016. Helix helps accelerate incident response with automation and orchestration by leveraging detection capabilities from FireEye's Endpoint Security (HX) and Network Security (NX) engines, along with FireEye iSIGHT Intelligence.

"Both FireEye as a service and iSIGHT threat intelligence had strong quarters, and we added 57 new Helix customers bringing the total to 71," announced Verdecanna. It remains slow progress for FireEye, but it still expects to report profits in 2018.

FireEye went public in September 2013, with the share price immediately soaring by more than 90% before settling at around $38.74. At the time of writing this, it is $14.45. FireEye purchased Mandiant for $1 billion in January 2014. Mandiant's Kevin Mandia took over as CEO at FireEye in June 2016. 

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.