RSA SecurID data stolen by a “nation state”

Last March, infiltrators carried out a quiet cyberattack against RSA, obtaining information about the operation of its SecurID tokens, hardware devices used by corporations, governments, and organizations to establish secure VPN connections with remote employees. RSA admitted the breach in April and began replacing SecurID tokens last June, but now RSA is revealing a bit more about the attack. Speaking at a Q&A session at the RSA Conference in London, RSA chairman Art Coviello said the attack’s methodology revealed that two separate teams were at work, and the company is very confident that the skill and resources required by the attack had to have been supported by a nation.

“We’ve not attributed it to a particular nation state although we’re very confident that with the skill, sophistication and resources involved it could only have been a nation state,” ZDNet UK quotes Coviello as saying.

RSA was apparently the victim of a targeted malware attack via a spreadsheet sent to a small number of employees, carefully worded to get someone to open the attachment. At least one did, and a malicious Adobe Flash object within the spreadsheet exploited a zero-day vulnerability that enabled the attackers to install a remote access Trojan horse. Once that was in place, hackers used the Trojan to explore RSA’s internal network and look for information about how its SecurID tokens operate. And they found it: information gleaned from the attack was subsequently used in an unsuccessful attack against U.S. defense contractor Lockheed Martin.

SecurID tokens are used as an additional layer of security over and above standard username-password combinations as a way to secure VPN logins from untrusted networks—like the Internet. When users connect, they’re prompted for an authorization key displayed on the SecurID token issued to them. These numeric keys change at a fixed interval (usually every minute)—the idea is that even if an attacker has a user’s name and password, they’d still need a unique number to access the network—and that number constantly changes. The information stolen in the RSA breach apparently enabled attackers to generate SecurID keys without the physical tokens.
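The dependency described above, as an added example that is not from the article and is not RSA's algorithm: SecurID's code generation is proprietary, so this sketch substitutes the public RFC 6238 TOTP construction to show that a time-based code is a pure function of a secret seed and the clock. The names `token_code` and `AuthServer` and both seeds are hypothetical, constructed for illustration; the run shows a copied seed verifying until the server enrolls a replacement seed.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds; the article says codes usually change every minute

def token_code(seed: bytes, unix_time: int, step: int = STEP, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 (public stand-in, not the SecurID algorithm)."""
    counter = unix_time // step
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class AuthServer:
    """Hypothetical verifier: one seed per user, clock-drift window, replay guard."""
    def __init__(self):
        self.seeds = {}
        self.last_counter = {}

    def enroll(self, user: str, seed: bytes) -> None:
        self.seeds[user] = seed            # issuing a new token replaces the seed
        self.last_counter.pop(user, None)

    def verify(self, user: str, code: str, now: int, drift: int = 1) -> bool:
        seed = self.seeds.get(user)
        if seed is None:
            return False
        current = now // STEP
        for c in range(current - drift, current + drift + 1):
            if c < 0 or c <= self.last_counter.get(user, -1):
                continue                   # never accept a time step twice
            if hmac.compare_digest(token_code(seed, c * STEP), code):
                self.last_counter[user] = c
                return True
        return False

def demo():
    old_seed = b"12345678901234567890"          # constructed (RFC 4226 test key)
    new_seed = b"constructed-replacement-seed"  # constructed
    server = AuthServer()
    server.enroll("alice", old_seed)
    now = 1_300_000_020                         # constructed timestamp
    # Code computed from a copy of the seed alone, with no hardware token present.
    before = server.verify("alice", token_code(old_seed, now), now)
    server.enroll("alice", new_seed)            # token replaced, new seed on record
    after = server.verify("alice", token_code(old_seed, now + STEP), now + STEP)
    legit = server.verify("alice", token_code(new_seed, now + STEP), now + STEP)
    return before, after, legit
```

`demo()` returns `(True, False, True)`: the copied seed is accepted before replacement and rejected after it, while the replacement token works.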

Some industry watchers have expressed skepticism that the attack was carried out by a nation, noting there’s nothing in particular about the attack as described that points to a government-backed operation. Yes, the information gleaned in the attack was used to go after a defense contractor, but the data could easily have been sold or changed hands numerous times after the attack—there’s not necessarily a direct connection between the perpetrators of the breach and the attackers who went after Lockheed Martin.

“It seems very odd to me for a company to say that they have determined that a country had attacked them, but to not then name the country,” wrote Sophos’ Graham Cluley in its Naked Security blog.

RSA has not disclosed how many tokens it replaced in the wake of the breach, but indicated that replacement had been completed by August.

Geoff Duncan
Former Digital Trends Contributor