Arrest Made In FireEye Corporate Network Hacking Attempt

Share this…

The person who attacked the personal online accounts of a FireEye employee several months ago was arrested and taken into custody Thursday by international law enforcement, FireEye said Thursday.

The Milpitas, Calif.-based company worked with law enforcement and spent hundreds of hours investigating a hacker’s July claim that he had breached FireEye’s corporate network, according to CEO Kevin Mandia. But these attackers rarely, if ever, get caught, Mandia said.

“Over my career, I have found it frustrating how little risk or repercussions exist for the attackers, who hide behind the anonymity of the internet to cause harm to good, well-intentioned people,” Mandia told Wall Street analysts Wednesday. “Therefore, I am pleased that, in this case, we were able to impose repercussions for the attacker and achieve a small victory for the good guys.”

FireEye announced in August that the hacker didn’t breach, compromise or access the company’s corporate network, despite multiple failed attempts to do so. Instead, the attacker used credentials for the victim’s social media and email accounts exposed in publicly-disclosed third-party breaches to access the employee’s personal online accounts.

The attacker publicly released three FireEye corporate documents obtained from the victim’s personal online accounts, according to an Aug. 7 blog post from FireEye Chief Security Officer Steven Booth. Two customer names were identified in the employee’s personal email and disclosed by the hacker.

Customers or prospects concerned about the attack were able to sit down with Mandia or FireEye’s CISO and talk through what happened, according to CFO and Chief Accounting Officer Frank Verdecanna. Although it took some time to get through those discussions, Verdecanna told CRN that he doesn’t believe the incident had a significantly negative impact on FireEye’s performance in the quarter.

At the same time, though, Mandia told CRN that FireEye had to sink a “tremendous” amount of time and effort into investigating the hacker’s claims. That efforts a lot of direct, real costs on the company, according to Mandia.

“I don’t want to underestimate the unfairness of the situation of an anonymous person making false claims,” Mandia told CRN. “You have to prove the negative, which is really annoying.”

All told, Verdecanna said the negative impact of the attack was primarily centered around the time it took FireEye to get to the bottom of what happened and convincing customers that the company wasn’t breached.

“Had we been breached, that would have been a whole different ballgame,” Verdecanna told CRN. “The fact is that we were able to prove that we weren’t breached.

FireEye’s sales for the quarter ended Sept. 30 climbed to $189.6 million, up 1.7 percent from $186.4 million the year prior. That edged out Seeking Alpha projections of $186.2 million.

The company recorded a net loss of $72.9 million, or $0.41 per share, improved from a net loss of $123.4 million, or $0.75 per share, last year. On a non-GAAP basis, net income came in at $6.5 million, or $0.04 per share, better than a net loss of $29.4 million, or $0.18 per share, the year before. This beat Seeking Alpha projections of a net loss of $0.07 per share.

FireEye’s stock fell $1.99 (12.16%) to $14.38 in after-hours trading. Earnings were released after the market closed Wednesday.

For the coming quarter, FireEye expects to break even or report a net loss of as much as $0.03 a share on sales of between $190 million and $196 million. Analysts had been expecting a net loss of $0.01 on earnings of $195.9 million, according to Seeking Alpha.