What's Really in Your Source Code? Security Experts Worried about Recent Hacks

sourcecodeAfter the Chinese hackers’ attack on Google and about 30 other California companies, security experts are worried about how bad the attack really was. Aside from being able to see the source code (million lines of programming code that makes their applications work), security experts are worried that these hackers may have modified the programs to include viruses. If they were to do this, the hackers could give themselves and others secret access to everything the company and its customers do with the software. A security expert from VeriSign iDefense stated:

“Well, they could also insert their own code — and they probably have.”

Another huge worry for security experts is that Adobe Systems was one of the companies that got hacked. Considering that it is installed on about 95% of all the computers around the world, if anyone inserted some of their own source code into its programs, they have the potential to secretly control all of those computers and steal sensitive information without the users ever knowing what hit them.

“One of the U.S. government’s biggest worries is that the attackers will place that source code back into products,” said George Kurtz, the chief technology officer at McAfee.

Right now, Cisco, a company that makes routers,  is required by law to include a technology in its hardware that allows investigators to tap into the hardware to collect Internet access information.  One of the government’s biggest fears is that a country like China could sell counterfeit routers with a slightly modified software sourcecodepinthat would give the same access to hackers, giving them complete access.

“That could provide the perfect over-the-shoulder view of everything coming out of a network,” said. Jeff Moss, a security expert who sits on the Homeland Security Advisory Council.

Companies are working to improve product security and new ways to protect their  intellectual property. One way of doing this is by creating more complex systems for viewing and editing the source code. Another way is to create a system that makes changing the source code a detailed and complicated process.  All these changes in the system make it harder for hackers to break in from the outside, but a lot of the security depends on employee vigilance when opening potentially malicious files that could infiltrate the code. These precautions, combined with employee vigilance will help protect the code, for now.

(Via NYTimes)

About the author  ⁄ BrickHouse Security

BrickHouse Security is the industry's premier supplier of security and surveillance solutions. As a recognized authority in GPS tracking, hidden cameras, employee monitoring and compliance, video surveillance and counter surveillance, we help our customers use technology to get the clarity they need. We proudly serve consumers, businesses of all sizes and the law enforcement community. When you need to know, BrickHouse has the answers.