Security - Channel Insider

Empowering the next generation Channel

Home

Security

Cyber Criminals Nab RSA SecureID Information in Breach

[ci] deep dives:

Managed Services Distribution Careers Linux and Unix Computer Networking Printers Security SMB Partner Storage Surveys Solution Builder Messaging/Collaboration Dell Reseller Microsoft Partner

Cyber Criminals Nab RSA SecureID Information in Breach

in Security

DATE: 2011-03-18 | By Channel Insider Staff

Article Rating:

/ 1
Article Views: 4177

More Security Coverage

<<Previous Security News Next Security News >>

Attackers stole "certain information" from security firm RSA, including data specific to RSA's SecurID two-factor authentication products, the company said.

Rate This Article:

Add This Article To:

Digg this

Del.icio.us

Slashdot

Y! My Web

E-mail

Furl

Google

Simpy

Spurl!

PDF Version

EMC's RSA Security acknowledged it had been hit by an "extremely sophisticated" attack and that information related to the SecurID two-factor authentication products have been stolen.

Partners: We Need More Answers on RSA Breach

Intruders succeeded in breaching RSA networks "recently" as part of an Advanced Persistent Threat attack, Art Coviello, executive chairman of RSA Security, wrote in an open letter to customers that appeared on the RSA Website on March 17. While the investigation is ongoing, RSA has determined attackers stole "certain information," including the ones specific to RSA's SecurID two-factor authentication products, Coviello said.

"Recently, our security systems identified an extremely sophisticated cyber-attack in progress being mounted against RSA," Art Coviello,

RSA has historically kept the algorithm for its multifactor authentication products secret.

Neither the letter nor EMC's filing with the Securities and Exchange Commission identified what exactly was stolen, but it "could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack," Coviello said. He was "confident" that the stolen data won't allow the criminals to mount a successful attack directly on RSA's SecurID customers.

Advanced Persistent Threats often target source code and other information useful in espionage and involve knowledge of the company's network, employees and policies. APT generally employs some forms of social engineering as well as exploits hidden in e-mail messages to sneak keyloggers and other tools onto the computer. Unlike most attacks, APT intruders are generally not interested in financial and identity data. Instead, once attackers gain access to the network, they move around looking for sensitive data, such as intellectual property, to steal.

Operation Aurora, which compromised systems at Google and a number of other major companies in 2009, was a type of APT.

Other EMC or RSA products were not affected, and personally identifiable data on customers and employees were not compromised, Coviello said.

For more, read the eWEEK article: RSA Warns SecurID Customers of Data Breach.

comments dic



	>>> More Security Articles >>> More By Channel Insider Staff

Email Article To Friend ♦ Print Version Of Article ♦ PDF Version Of Article

Follow @ChannelInsider
< Prev | Next >

about 4 hours agoAssessing the Impact of HP Layoffs - HP needs channel partners to help put some distance between it all the drama ... http://t.co/2H0Gq8HJ
about 6 hours agoThin Client Opportunity Gets Richer for the Channel - IT organizations are rethinking client strategy in the age of ... http://t.co/JxUbh24m
May 23rd 4:38 PMPutting a Channel Face on the Cloud - Amazon, Google and others may leverage the channel to compete more aggressivel... http://t.co/RUeo9iT5
May 22nd 10:41 PMExpanding the Reach and Scope of Desktop Virtualization - VMware moves to acquire Wanova - VMware has set out to ... http://t.co/Ad020fhT
May 22nd 8:58 PMConsidering the IBM Watson Possibilities - IBM looks to the channel to help find new use cases for cognitive computi... http://t.co/CAljVbac
May 22nd 8:54 AMVariations on a Cloud Storage Theme in the Channel - EMC expands focus on the cloud via a channel that is wrestling ... http://t.co/MORSpkkb
May 21st 10:43 AMRightsizing the Cloud Service Provider - Cloudbursting will alter the way the channel thinks about cloud computing i... http://t.co/eZ33qdKE
May 17th 6:39 PMThe Future of IT Services - Automated managed services are transforming the way IT services are delivered - Histo... http://t.co/w4zvAS8u
May 17th 12:39 PMRising to the Cloud Application Management Challenge - BetterCloud previews management tool for Google Apps environm... http://t.co/KzhO7FlP
May 16th 11:00 AMPlaying the IT Services Name Game - HP expands ability of partners to deliver branded services as part of effort to ... http://t.co/XU3QOnKz

[ci] feeds

Add Channel News, Product Reviews, Trends and Analysis to your RSS newsreader or My Yahoo!

CHANNEL SPONSORED RESOURCE CENTER

Start the New Year with business intelligence—it’s a smart move
Join us on February 1 for an encore rebroadcast at either 5 am or 12 noon EST and discover how business intelligence (BI) supports companies in uncertain business and economic climates. Get expert advice on how to create a strategy that fits your organization's needs and budget and see how quickly it can pay for itself.
Click Here

Security and Availability Essentials for Running Your Business in the Cloud
Are you moving to the cloud? Find out what every IT professional should know about security and availability before moving to the cloud. Hear what a security provider’s own CSO has to say.
Watch Video

New Tool Analyzes Data Without Bias

A new algorithm automatically identifies relationships between variables to help reduce researcher prejudice.
Click Here

Channel Insider:

Security:
Network Security
Enterprise Networking
Infrastructure Security
How To: Data
IT Security News
Security Watch Blog
Secure Channel Blog

Storage:
Data Storage
Cloud Storage
Storage Virtualization
Network Access Storage
Storage Reviews
Data Storage News
How To: Storage
Storage Station Blog

Computing:
Apple OSX
Linux Systems
Windows Vista
Managed Print Services
Cloud Computing
Computer Reviews
Microsoft Watch Blog
Apple Watch Blog
Google Watch Blog

Communications:
VoIP Solutions
Wireless Technology
Messaging Software
Web Services
Mobile Applications
Wireless News
Mobile Reviews

Apps & Development:
Application Development
SAAS
Search Engines
Database Software
Web 2.0
IT Project Management
Emerging Tech Blog
CIO Insight Blogs
CIOs

Vertical Markets:
Federal Government IT
Health Care IT
Finance IT
Mid-Market
Channel and VARs
Careers Blog
Value Added Resellers

More eWeek Links:
Green Computing Center
Tech Knowledge Center
Tech Newsletters
Tech RSS Feeds
White Papers
Tech Podcasts
Tech Videos
Complementary Magazine Subscriptions

Enterprise Websites:
ZDE Home
eWeek
Baseline Magazine
Channel Insider
CIO Insight
eSeminars and Events
Publish Online
Web Buyers Guide

Developer Websites:
Microsoft DevSource
Dev Shed
DeveloperShed
ASP Free
SEO Chat
Codewalkers
Tutorialized
Scripts.com
Dev Mechanic
Dev Articles
Web Hosters
Dev Hardware

Technology Websites:
Device Forge
Desktop Linux
Linux Devices
Windows for Devices
PDF Zone
Linux Watch
TechDirect
Smarter Technology

Use of this site is governed by our Terms of Use and Privacy Policy
Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
eWeek is your best source for the latest Technology News.
ZDE Cluster 6

Cyber Criminals Nab RSA SecureID Information in Breach

More Security Coverage

Attackers stole "certain information" from security firm RSA, including data specific to RSA's SecurID two-factor authentication products, the company said.

Related Content

Follow @ChannelInsider < Prev | Next >

Follow @ChannelInsider
< Prev | Next >