Hackers Slam Blue Coat Claiming It 'Pressured Security Researcher Into Cancelling Talk On Its Tech'

This article is more than 9 years old.

The final Syscan Conference in Singapore kicked off today with a message for a particular security company. According to reports from conference attendees, Thomas Lim, founder of the event where professional hackers give talks on their latest research, encouraged attendees to send Tweets containing the following: “Fuck you, Blue Coat”. Many did. Others had their own variations on the same theme.

The company, which is set to be acquired by Bain Capital for $2.4 billion some time in the first half of this year, has been accused of “bullying” Airbus Group Innovations researcher Raphaël Rigo into cancelling his talk. He planned to disclose findings from his explorations into Blue Coat’s ProxySG technology, which is designed to look for malicious or policy-bypassing traffic going through businesses’ networks. Rigo was due to detail the workings of the proprietary operating system behind that technology, SG OS.

But FORBES has been told Lim was contacted ahead of the talk by Blue Coat, which asked to be put in touch with Rigo. The company used this access to pressure Rigo into cancelling his talk, according to Marc Rogers, head of research at CloudFlare, who is at the conference. Lim went public with that information, Rogers said, and then Twitter blew up with vitriol aimed at the Sunnyvale-based security provider.

Rigo told FORBES over email that he could not comment on the matter. When the time came for his Syscan slot, he relayed the following message from Airbus, which he passed on to FORBES and which pointed to more cordial relations between the researcher and Blue Coat: "Airbus Group is currently discussing collaboratively with Blue Coat on the elements of the talk intended today.

"Although the information at this time does not reveal any security vulnerabilities in products, it does provide information useful to the ongoing security assessments of ProxySG by Blue Coat.

"Once that work is complete, Airbus Group and BlueCoat will jointly come back and share the research findings at a later conference in the spirit of responsible and safe disclosure to the community."

Blue Coat had not responded to repeated requests for comment. Neither had Airbus.

CloudFlare’s Rogers believes the Bain acquisition may be behind Blue Coat’s decision to pressure Rigo. “I guess that explains their sensitivity but researcher intimidation like this is very foolish.

“If they had left it alone, maybe 40 or 50 people would have seen an unremarkable but interesting talk on Blue Coat. Now they are a trending topic in the [information security] community. Not to mention the damage this has done to their reputation in the researcher community.

“Going forwards, if you are a researcher in the community with a Blue Coat [zero-day vulnerability] how do you think this might influence your decision on handling that zero-day and whether or not to trust them with responsible disclosure?”

Raphael Rigo's scheduled talk that was cancelled after alleged pressure from Blue Coat

Blue Coat knows what it’s like to face the wrath of the security and privacy worlds. In 2011, it admitted its technology had been used in Syria as part of a surveillance operation in the war-torn country. That information only came to light after a hacktivist crew called Telecomix posted logs from a Proxy SG 9000 appliance they had uncovered in researching Syrian internet censorship. Blue Coat said its own investigation “indicated that certain appliances were transferred illegally to Syria after being lawfully sold to that channel distribution partner”. Its partner was later fined $2.8 million for selling the kit to the Syrian regime. Another one of its appliances was found in Burma in 2011 and Iran in 2013.

UPDATE: Blue Coat has issued a blog post on the matter. "Following responsible disclosure practices, Blue Coat requested more time from Airbus to review and validate the research, and to mitigate any risks to our customers associated with the public disclosure of the presentation. Airbus agreed to postpone disclosure of their presentation.

"While the information provided to us by Airbus was outside of the standard procedures for sharing this type of information, we appreciate the efforts undertaken by the Airbus team to identify hardening techniques that may improve the security posture of our product over time and to share their research findings with us. We expect to collaborate with Airbus to jointly share their original research findings at the conclusion of our investigation."