
Hackers break into RSA servers, steal sensitive encryption data


March 18, 2011

Attackers have breached the servers of RSA and stolen extremely sensitive information that could be used to compromise the security of the two-factor authentication tokens that about 40 million employees worldwide use to access critical corporate and government networks, RSA said late last night. The breach is now being reported throughout the Internet security community.

“Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT),” RSA Executive Chairman Art Coviello said in a letter posted on the company's website. The letter was undated, however.

“Our investigation also revealed that the attack resulted in certain information being extracted from RSA's servers and is now most likely in the wrong hands,” the letter said.

Neither the letter nor a filing with the Securities and Exchange Commission identified what the stolen data was, but Coviello went on to say it “could potentially be used to reduce the effectiveness of a current two-factor security authentication implementation as part of a broader attack.”

Michael Gallant, a spokesman with RSA owner EMC, declined to answer any questions from the media.

Among the unanswered questions was whether attackers got access to the so-called "seed values" that SecurID tokens use to generate the six-digit numbers that change every 60 seconds. Workers in both private industry and government agencies use the security devices as an additional security layer when logging onto their employers' networks.

Requiring an employee to have physical access to the device thwarts hackers who may have intercepted the users' login credentials.

If attackers succeeded in gaining access to the "seeds" for a specific company, they might be able to generate the pseudo-random numbers of one of its tokens, allowing them to clear a critical hurdle in breaching the company's computer network security.
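As an added illustration (not RSA's code; SecurID's algorithm is proprietary), the sketch below uses the public RFC 6238 TOTP construction with a 60-second step as a stand-in, to show why the seed is the only secret behind the six-digit code and why reissuing a token with a fresh seed invalidates a copied one. The `AuthServer` class, the user name, the seeds and the timestamp are constructed for the example.

```python
import hashlib
import hmac
import struct

STEP = 60      # seconds per code, as the article describes
DIGITS = 6     # six-digit codes

def token_code(seed: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): a public stand-in, not SecurID's algorithm."""
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class AuthServer:
    """Hypothetical verifier holding one seed per enrolled token."""
    def __init__(self):
        self.seeds = {}

    def enroll(self, user: str, seed: bytes) -> None:
        self.seeds[user] = seed   # re-enrolling replaces the old seed

    def verify(self, user: str, code: str, now: int, drift: int = 1) -> bool:
        seed = self.seeds.get(user)
        if seed is None:
            return False
        # Accept adjacent time steps to tolerate token clock drift.
        return any(
            hmac.compare_digest(token_code(seed, now + d * STEP), code)
            for d in range(-drift, drift + 1)
        )

def demo() -> dict:
    now = 1300406400                       # constructed: 2011-03-18 00:00:00 UTC
    old_seed = b"constructed-seed-A-0001"  # constructed sample seeds
    new_seed = b"constructed-seed-B-0002"
    server = AuthServer()
    server.enroll("alice", old_seed)
    # Any copy of the seed yields the same code as the physical token.
    copy_matches = server.verify("alice", token_code(old_seed, now), now)
    # Reissuing the token replaces the seed; codes from the old one stop working.
    server.enroll("alice", new_seed)
    return {
        "copy_matches_before_reissue": copy_matches,
        "old_seed_after_reissue": server.verify("alice", token_code(old_seed, now), now),
        "new_seed_after_reissue": server.verify("alice", token_code(new_seed, now), now),
    }
```

Calling `demo()` returns the three verification outcomes; the code itself contains nothing secret, so the seed database is the asset to protect and rotate.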

Additional possibilities include the theft of source code that yields attackers a virtual blueprint of various security vulnerabilities to exploit in the future, or the theft of private cryptographic keys that could allow miscreants to imitate RSA servers or register new employee tokens to be used at a later date.

“Overall, RSA is going to have to convince people that their devices still work, and that's going to be a tough sell in light of what just happened,” said Nick Owen, CEO of Wikid Systems, a two-factor authentication startup that competes with RSA.

“This means they'll have to come clean about the attack. They may be in a position where they have to reissue hardware tokens to their users as well,” he added.

Owen noted that RSA's notice came as one of the company's websites related to the activation of software licenses was down for unexplained reasons. It's not clear if the outage is related to the attack or not.

Coviello's letter said that the company's security systems recently identified “an extremely sophisticated cyber attack in progress being mounted against RSA.” That description, and the reference to APT, leaves open the idea that attacks could have lasted days, weeks, or even months – but the company didn't say more.

This also evokes memories of attacks Google disclosed early last year that breached the security at dozens of companies and made off with highly sensitive data.

The vagueness and innuendo it created also generated plenty of criticism among Internet security professionals at the time.

“APT: Yeah, we got pawned, leaked all your data,” web app security guru Mike Bailey tweeted, in a mock paraphrase of Coviello's letter. “Sorry about that, but this guy was GOOD.”

RSA sent a communication to customers urging them to follow a variety of security best-practices, including to “enforce strong password and pin policies,” to “re-educate employees on the importance of avoiding suspicious emails,” and to “harden, closely monitor, and limit remote and physical access to infrastructure that is hosting critical security software, core systems and sensitive data.”

We're hoping a version of the email has been sent to RSA employees and executives as well.


Source: RSA Security.
