Hackers breach security giant RSA’s network

18 Mar 2011

EMC’s security division RSA has revealed its own network has been breached by hackers who launched an ‘extremely sophisticated’ attack that may have compromised the company’s SecurID authentication service.

In a note to customers, executive chairman Art Coviello said the company had identified a sophisticated cyber attack in the form of an advanced persistent threat (APT).

He said the information gleaned by the hackers specifically related to RSA’s SecurID two-factor authentication products.

He said that while RSA is confident the information extracted by the hackers does not enable a successful direct attack on its SecurID customers, the information could be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.

“We have no evidence that customer security related to other RSA products has been similarly impacted,” Coviello explained. “We are also confident that no other EMC products were impacted by this attack. It is important to note that we do not believe that either customer or employee personally identifiable information was compromised as a result of this incident.

“Our first priority is to ensure the security of our customers and their trust,” Coviello continued. “We are committed to applying all necessary resources to give our SecurID customers the tools, processes and support they require to strengthen the security of their IT systems in the face of this incident. Our full support will include a range of RSA and EMC internal resources, as well as close engagement with our partner ecosystems and our customers’ relevant partners,” Coviello added.

Have seed records been extracted?

Andrew Kemshall, RSA Europe’s fifth employee, who went on to set up SecurEnvoy, a tokenless two-factor authentication company, said: “In their 30 years, there has never been a breach like this; it’s sad for this to have happened in our industry – however, it is something that we foresaw happening over 10 years ago!

“This extremely ‘sophisticated attack’ means their core seed database has been compromised, which means that every user’s ID could be exposed.

“When RSA refer to a data breach, the only data stored are the seed records. So what we are handling here is an unknown quantity of seed records that could have been accessed, copied or stored.

“Fundamentally, what this means is the second factor is potentially challenged, leaving only the first factor being a static, four-digit PIN,” Kemshall said.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years
