Hacker Spies Hit Security Firm RSA
• By Kim Zetter
• March 17, 2011 |
• 6:40 pm |
• Categories: Breaches, Hacks and Cracks, RSA Conference
http://www.wired.com/threatlevel/2011/03/rsa-hacked/
Top security firm RSA Security revealed on Thursday that it’s been the victim
of an “extremely sophisticated” hack.
The company said in a note posted on its website that the intruders succeeded
in stealing information related to the company’s SecurID two-factor
authentication products. SecurID adds an extra layer of protection to a login
process by requiring users to enter a secret code number displayed on a keyfob,
or in software, in addition to their password. The number is cryptographically
generated and changes every 30 seconds.
“While at this time we are confident that the information extracted does not
enable a successful direct attack on any of our RSA SecurID customers,” RSA
wrote on its blog, “this information could potentially be used to reduce the
effectiveness of a current two-factor authentication implementation as part of
a broader attack. We are very actively communicating this situation to RSA
customers and providing immediate steps for them to take to strengthen their
SecurID implementations.”
As of 2009, RSA counted 40 million customers carrying SecurID hardware tokens,
and another 250 million using software. It’s customers include government
agencies.
RSA CEO Art Coviello wrote in the blog post that the company was “confident
that no other … products were impacted by this attack. It is important to note
that we do not believe that either customer or employee personally identifiable
information was compromised as a result of this incident.”
RSA categorized the attack as an advanced persistent threat, or APT. APT
attacks are distinctive in the kinds of data the attackers target. Unlike most
intrusions that go after financial and identity data, APT attacks tend to go
after source code and other intellectual property and often involve extensive
work to map a company’s infrastructure.
APT attacks often use zero-day vulnerabilities to breach a company and are
therefore rarely detected by antivirus and intrusion programs. The intrusions
are known for grabbing a foothold into a company’s network, sometimes for
years, even after a company has discovered them and taken corrective measures.
Last year’s hack into Google was considered an APT attack, and, like many
intrusions in this category, was linked to China.
RSA, which is owned by EMC, is a leading firm and is most known for the RSA
encryption algorithm used to secure e-commerce and other transactions. The
company hosts the top-ranked RSA security conference every year.
_______________________________________________
Infowarrior mailing list
[email protected]
https://attrition.org/mailman/listinfo/infowarrior
