Cyber Criminals Nab RSA SecureID Information in BreachBy Channel Insider Staff | Posted 2011-03-18 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
Attackers stole "certain information" from security firm RSA, including data specific to RSA's SecurID two-factor authentication products, the company said.
EMC's RSA Security acknowledged it had been hit by an "extremely sophisticated" attack and that information related to the SecurID two-factor authentication products have been stolen.
For more, read the eWEEK article: RSA Warns SecurID Customers of Data Breach.
Intruders succeeded in breaching RSA networks "recently" as part of an Advanced Persistent Threat attack, Art Coviello, executive chairman of RSA Security, wrote in an open letter to customers that appeared on the RSA Website on March 17. While the investigation is ongoing, RSA has determined attackers stole "certain information," including the ones specific to RSA's SecurID two-factor authentication products, Coviello said.
"Recently, our security systems identified an extremely sophisticated cyber-attack in progress being mounted against RSA," Art Coviello,
RSA has historically kept the algorithm for its multifactor authentication products secret.
Neither the letter nor EMC's filing with the Securities and Exchange Commission identified what exactly was stolen, but it "could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack," Coviello said. He was "confident" that the stolen data won't allow the criminals to mount a successful attack directly on RSA's SecurID customers.
Advanced Persistent Threats often target source code and other information useful in espionage and involve knowledge of the company's network, employees and policies. APT generally employs some forms of social engineering as well as exploits hidden in e-mail messages to sneak keyloggers and other tools onto the computer. Unlike most attacks, APT intruders are generally not interested in financial and identity data. Instead, once attackers gain access to the network, they move around looking for sensitive data, such as intellectual property, to steal.
Operation Aurora, which compromised systems at Google and a number of other major companies in 2009, was a type of APT.
Other EMC or RSA products were not affected, and personally identifiable data on customers and employees were not compromised, Coviello said.