Hackers Target RSA's SecurID Products
Company: Attackers Aren't Believed to Be Preying on Customers
RSA Executive Chairman Art Coviello, in a posting on the RSA website, said a company investigation led officials to believe the attack is in the category of an advanced persistent threat. An APT refers to sophisticated and clandestine means to gain continual, persistent intelligence on a group such as a nation or corporation.
SecurID consists of a token, either hardware or software, that generates an authentication code at fixed intervals (about once a minute, for instance) using a built-in clock and an encoded random key known as a seed. The seed is different for each token, and is loaded into the corresponding RSA SecurID server as the tokens are acquired.
Coviello said RSA's investigation revealed that the attack resulted in information being extracted from the company's IT systems. "While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack," Coviello said. "We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations."
Coviello said RSA has no evidence that customer security related to other RSA products has been similarly affected. "We do not believe that either customer or employee personally identifiable information was compromised as a result of this incident," he said, adding that RSA will give its SecurID customers the tools, processes and support required to strengthen the security of their IT systems in the face of this incident.
Coviello promised qualified transparency in addressing this problem. "As appropriate," he said, "we will share our experiences from these attacks with our customers, partners and the rest of the security vendor ecosystem and work in concert with these organizations to develop means to better protect all of us from these growing and ever more sophisticated forms of cyber security threat."
The attack comes one day after the top cybersecurity executive at the Department of Homeland Security told Congress that government and private-sector IT systems are at risk from such attacks (see Experts Question Infosec Readiness). "Sensitive information is routinely stolen from both government and private sector networks," Philip Reitinger, DHS deputy undersecretary for national protection and programs, told the House Homeland Security Committee. "We currently cannot be certain that our information infrastructure will remain accessible and reliable during a time of crisis."
Revelation of the hack brought a quick response from a leading proponent of IT security legislation in Congress. "The cyberattack revealed by RSA today underscores the serious and sophisticated cyberthreat we face," said Sen. Susan Collins, the Maine Republican who serves as ranking member of the Homeland Security and Governmental Affairs Committee. "The threat of a catastrophic cyber attack is real. Attacks are happening now."
Collins said the attack demonstrates the need for Congress to act to change the way the federal government works with the private sector to safeguard IT. The senator is cosponsor with the committee Chairman Joseph Lieberman, ID-Conn., and Thomas Carper, D-Del., of legislation to reshape the way the federal government protects government and key private-sector IT systems (see Senate Bill Eyes Cybersecurity Reform). "The need to pass comprehensive cyber security legislation is more urgent than ever," Collins said.
Backers of the Cybersecurity and Internet Freedom Act of 2011 contend the legislation would improve collaboration between the government and business in addressing vulnerabilities such as advanced persistent threats.