Skip to main content

RSA SecurID data stolen by a “nation state”

RSA SecurID
Image used with permission by copyright holder

Last March, infiltrators carried out a quiet cyberattack against RSA, obtaining information about the operation of its SecurID tokens, hardware devices used by corporations, governments, and organizations to establish secure VPN connections with remote employees. RSA admitted the breach in April and began replacing SecurID tokens last June, but now RSA is revealing a bit more about the attack. Speaking at a Q&A session at the RSA Conference in London, RSA chairman Art Coviello said the attack’s methodology revealed that two separate teams were at work, and the company is very confident that the skill and resources required by the attack had to have been supported by a nation.

“We’ve not attributed it to a particular nation state although we’re very confident that with the skill, sophistication and resources involved it could only have been a nation state,” ZDNet UK quotes Coviello as saying.

RSA was apparently the victim of a targeted malware attack via a spreadsheet sent to a small number of employees, carefully worded to get someone to open the attachment. At least one did, and a malicious Adobe Flash object within the spreadsheet exploited a zero-day vulnerability that enabled the attackers to install a remote access Trojan horse. Once that was in place, hackers used the Trojan to explore RSA’s internal network and look for information about how its SecurID tokens operate. And they found it: information gleaned from the attack was subsequently used in an unsuccessful attack against U.S. defense contractor Lockheed Martin.

SecurID tokens are used as an additional layer of security over-and-above standard username-password combinations as a way to secure VPN logins from untrusted networks—like the Internet. When users connect, they’re prompted for an authorization key displayed on the SecurID token issued to them. These numeric keys change at a fixed interval (usually every minute)—the idea is that even if an attacker has a user’s name and password, they’d still need a unique number to access the network—and that number constantly changes. The information stolen in the RSA breach apparently enabled attackers to generate SecurID keys without the physical tokens.

Some industry watchers have expressed skepticism that the attack was carried out by a nation, noting there’s nothing in particular about the attack as subscribed that points to a government-backed operation. Yes, the information gleaned in the attack was used to go after a defense contractor, but the data could easily have been sold or changed hands numerous times after the attack—there’s not necessarily a direct connection between the perpetrators of the breach and the attackers who went after Lockheed Martin.

“It seems very odd to me for a company to say that they have determined that a country had attacked them, but to not then name the country,” wrote Sophos’ Graham Cluley in its Naked Security blog.

RSA has not disclosed how many tokens it replaced in the wake of the breach, but indicated that replacement had been completed by August.

Editors' Recommendations

Topics
Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
The new Surface Laptop and Surface Pro are finally living up to their potential
The new Surface Pro on a table.

Copilot+ represents a new era for Windows laptops, and it's a fresh reimagining for Surface as well. You'll notice that the generational number in the name is gone with this new era -- one that comes with a new design, higher performance, and AI features.

Both the new Surface Laptop and Surface Pro come exclusively with up to a Qualcomm Snapdragon X Elite, which brings massive leaps in performance, battery life, and AI capabilities over the previous generation of Surface devices.

Read more
Best Memorial Day gaming PC deals: Get a gaming PC for just $880
Gaming PC on a desk.

Building a PC from scratch can be quite daunting, especially if you don't have a lot of time or tech-savvy to deal with the complexity of picking parts and putting them together. Gaming PCs can be even more complicated, so going for a pre-made gaming PC makes a lot of sense. While it is true you can save a little extra by putting parts together yourself, these early Memorial Day deals can save you quite a bit of money and may even exceed the savings you would have gotten by doing it yourself. Of course, if you don't quite find what you're looking for here, you can check some of these other great gaming PC deals too.
Best Gaming PC (Intel) Memorial Day Deals

Intel is probably one of the most well-known CPU brands, and there are actually quite a lot of options out there when it comes to variety in specs. So, whether you're looking for a more budget-oriented build for playing simple and older games, or want something super high-end, you'll find something here.

Read more
This was the most momentous PC announcement in decades
Copilot+ PCs being announced from the stage.

"AI PC."

You've no doubt heard the term by now, and if you're honest, it's probably made your eyes roll. In a year when "AI" is tacked on to every tech product imaginable, what have been called AI PCs so far just haven't felt worthy of the designation.

Read more