RSA Europe Conference 2011: Nation state groups behind RSA attack

Ron Condon, UK Bureau Chief

Senior management from RSA revealed this week that the cyberattack that stole information about its SecurID authentication system last March was the work of two separate groups working on behalf of a nation state.

Speaking in London at the RSA Conference Europe 2011, RSA Executive Chairman Art Coviello said the investigation suggested the RSA attack was sponsored by a nation state (mainly because of its sophistication), although he said the forensic information did not allow him to say which country had been behind it.

RSA President Tom Heiser said it was clear two groups had worked in tandem to carry out the attack, with one providing support for the other.

Coviello insisted the attack had a limited effect because of the security procedures RSA had in place at the time of the attack. He also insisted no customers had suffered damage as a result of the breach, even though some of the stolen data was used to conduct an attack on Lockheed Martin. He said by using its NetWitness network monitoring product, which was acquired in April, RSA was able “to see the attack in action and remediate fast.”

Asked about the impact of the breach on RSA’s business, Coviello said only “a small proportion” of customers had taken up the company’s offer of replacing their SecurID tokens.

RSA’s Chief Security Officer Eddie Schwartz added that following the attack the company had imposed a “total lockdown” on its systems until investigators had fully understood the cause and extent of the attack. He said RSA staff was unable to access the Internet or use social networking sites during this period.

Schwartz said the company has slowly loosened some of the constraints. “We now allow LinkedIn to be used, but we still ban Twitter and Facebook,” he said, adding that the company is looking at allowing those sites in the future, but only in a virtual desktop environment where they can be closely managed.