Saturday, March 19, 2011
RSA Security Says Hackers Got Data on SecurID
Hackers obtained data related to SecurID, RSA Security says. Professional hackers using an Advanced Persistent Threat obtained unspecified information that RSA Security said cannot enable a direct attack on customers. RSA Security said it is helping customers strengthen SecurID. An analyst likened the attack to "breaking into Fort Knox."
SecurID tokens that are widely used as part of a two-step authentication procedure may have been compromised. RSA Security, makers of SecurID and one of the country's leading security firms, has said that hackers "extracted" data related to SecurID.
In an open letter published on its web site, Executive Chairman Art Coviello said the company's security systems recently identified "an extremely sophisticated cyberattack in progress." The company said it responded with "a variety of aggressive measures," conducted an investigation, and has been working closely with authorities.
Advanced Persistent Threat
RSA said the attack, in the category of Advanced Persistent Threat, resulted in certain information being obtained by the hackers -- some of it "specifically related to RSA's SecurID" products. Advanced Persistent Threat is a term that is often related to attacks believed to involve professional, organized hacking, such as from corporate espionage, other countries, or criminal organizations.
RSA, owned by EMC, is one of the world's leading security vendors, and its customers include banks, the military and other government agencies, and major medical organizations.
"While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers," Coviello wrote, "this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack."
RSA said it is "actively communicating" the situation to its customers, including providing steps that could strengthen SecurID implementation. It recommended that companies monitor their networks, as well as hacker or social-networking sites where confidential data might be distributed. No other RSA products appear to have been impacted, the company said.
'Breaking Into Fort Knox'
The SecurID two-factor authentication system utilizes a username/password combination, plus an authenticator, which is a small key chain dongle that generates a new six-digit number every 60 seconds. A software token determines the number that is generated, and, if the hackers obtained token information, they conceivably could re-create the generated numbers.
Both the password and the authenticator's number are required to enter secure environments set up to use this approach, which include VPNs, WLANs, e-mail, Windows desktops, servers and other resources. According to RSA's web site, this two-factor authentication system has a "20-year history of outstanding performance," and it's used by millions of customers.
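The mechanism described above can be sketched in code. This is an added illustration, not part of the article and not RSA's code: SecurID's algorithm is proprietary, so the sketch substitutes the public HMAC-based one-time-password construction (RFC 4226/6238) with a 60-second step and six digits. All names, the password and the salt are hypothetical, and the seed is the public RFC 4226 test secret. It shows that the displayed number is a pure function of the seed and the clock, and that the server still requires the password as well.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # the article: a new number every 60 seconds
DIGITS = 6         # the article: six-digit number

def token_code(seed: bytes, unix_time: int) -> str:
    """HMAC the current time-step counter with the seed, then truncate (RFC 4226)."""
    counter = struct.pack(">Q", unix_time // STEP_SECONDS)
    digest = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def authenticate(record: dict, password: str, code: str, unix_time: int,
                 drift_steps: int = 1) -> bool:
    """Server side: both factors must match; the code may be one step off for clock drift."""
    pw_ok = hmac.compare_digest(hash_password(password, record["salt"]), record["pw_hash"])
    code_ok = False
    for d in range(-drift_steps, drift_steps + 1):
        expected = token_code(record["seed"], unix_time + d * STEP_SECONDS)
        code_ok |= hmac.compare_digest(expected.encode(), code.encode())
    return pw_ok and code_ok

# Constructed sample data: the seed is the public RFC 4226 test secret.
SEED = b"12345678901234567890"
SALT = b"constructed-salt"
RECORD = {"seed": SEED, "salt": SALT, "pw_hash": hash_password("correct horse", SALT)}

if __name__ == "__main__":
    now = 60
    copied_seed = bytes(SEED)  # stands for seed data held outside the token
    print("token:", token_code(SEED, now), "copy:", token_code(copied_seed, now))
    print("code + wrong password:",
          authenticate(RECORD, "guess", token_code(copied_seed, now), now))
    print("code + right password:",
          authenticate(RECORD, "correct horse", token_code(SEED, now), now))
    print("same code 3 minutes later:",
          authenticate(RECORD, "correct horse", token_code(SEED, now), now + 180))
```

Because the token factor depends entirely on the secrecy of the seed, the remaining protection in this model is the password plus whatever monitoring of failed and unusual logins the verifier performs.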
Laura DiDio, an analyst with industry research firm Information Technology Intelligence Corp., likened the attack on RSA to "breaking into Fort Knox."
She said RSA appears to be providing remediation advice to its customers to the extent that it can, although it's not revealing what was stolen. In any event, DiDio said, this episode is bound to "rattle the confidence of those who have relied on this two-factor authentication."
DiDio said that, in addition to any steps recommended by RSA, this "wake-up call" is a good time for companies to review their security structure.