The well-known US company FireEye has been hacked, and miscreants have made off with all of the tools used by the company to help clients secure their networks.
The company said it will post mitigation tools on GitHub so that everyone can see what steps are needed to secure their systems. Not that long ago, the NSA was broken into and all of its secret tools were stolen, leading to a rash of security violations. It seems that security companies are not able to fend off targeted attacks all that effectively.
Clearly, the perpetrator has demonstrated patience, operational security, and complex tradecraft in these intrusions. Some very sophisticated operations have been carried out to gather the expertise needed to reach so deeply into the infrastructure. Given how many government agencies were affected, it's clear that additional steps are needed.
Certificates have been compromised by miscreants who used them to distribute malware. Long passwords are harder to brute force, and modern encryption techniques are available to keep unwanted surveillance away. Here at the studio, security is an ongoing menace.