By Laura MurguiaThe NSA’s “auditing” system has been hacked, according to cybersecurity firm Symantec.
Symantec reported the breach on Tuesday, saying it had found “a vulnerability in Symantech’s Auditing Suite which allows unauthorized access to audit data.”
It did not say who the hacker was.
Symantsec says the vulnerability was found during a “sophisticated attack on a SymantEC compliance suite.”
It added that the flaw was “likely a result of a remote code execution attack.”
Symantech is not alone in being hacked.
A cybersecurity firm reported last week that it had detected the same attack, but Symantects chief security officer Peter Eckhardt told ABC News that the firm had “not been compromised.”
In the wake of the breach, Symanteck told Ars that the company is taking steps to strengthen its security measures and make sure that “the security of our auditing data is as strong as possible.”
We will be working with Symantek to address this matter, Eckhardt added.
Symantisec has said it is working to fix the vulnerability in the Auditing suite, but it was not immediately clear if the company had patched the issue.
A Symantes spokesperson told Ars: “Symantecco’s audited data is protected by a strong, self-resisting encryption and data protection architecture that we believe prevents unauthorized access.
We are working closely with Symantsec to address the issue.”
In a statement, Symantsech said: “The Symantems auditing service has been updated to fix a vulnerability in version 2.6.0, which was discovered by Symantee.
We have not received any notification of this issue.
We will continue to improve our audited services and are working with the Symantepublic to address any further issues.”