RSA Hacked; Tokens Stolen


Apparently RSA's computers were hacked in March 2011, and what was stolen was most likely the generators and algorithms for the 6-digit tokens that those cute SecurID frobs generate every minute or so. The tokens are used as an additional layer of security when accessing a remote site.

Later, L-3 Communications claimed that hackers attacked the L-3 site using these stolen tokens. This particular attack was apparently thwarted when it was noticed and all remote access was turned off. Northrop Grumman recently shut down its remote access but didn't say why. Lockheed confirmed in early June that hackers had compromised a single account using stolen SecurID data, but claimed its quick action stopped anything significant from being stolen.

Not much information has been released as to what was stolen from RSA or how the attackers use the stolen information. My guess is that they are somehow able to generate the same key that the RSA SecurID token generator does, without the physical SecurID frob. Knowing how the SecurID token is used will allow the attacker to defeat one layer of security. The next layer is typically a username/password dialog.

The moral here is that you should never have a weak password, and you should never be tricked into revealing it, e.g. via a phishing trick. Your password is your last line of defense!
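Assuming the guess above is right, the following added example (not from the original post) shows why a copied seed passes the token layer and leaves the login decision to the password. RFC 6238 TOTP stands in for SecurID's own algorithm, which the post does not describe; the seed, salt, password, timestamp and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

def token_code(seed: bytes, unix_time: int, step: int = 60, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1; a stand-in, not SecurID's real algorithm."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed server-side record for one account (all values are samples).
SEED = b"12345678901234567890"        # RFC 4226 test secret, not a real seed
SALT = b"constructed-salt"
PW_HASH = hash_password("correct horse battery staple", SALT)

def login(code: str, password: str, now: int) -> dict:
    """Check both layers separately so the result shows which one held."""
    token_ok = hmac.compare_digest(code, token_code(SEED, now))
    password_ok = hmac.compare_digest(hash_password(password, SALT), PW_HASH)
    return {"token_ok": token_ok, "password_ok": password_ok,
            "granted": token_ok and password_ok}

def attempt_with_seed_copy(seed_copy: bytes, password: str, now: int) -> dict:
    """A party with a copy of the seed needs no physical frob to pass layer one."""
    return login(token_code(seed_copy, now), password, now)

if __name__ == "__main__":
    now = 1_300_000_000                          # constructed timestamp
    # Token layer passes either way; only the password decides the outcome.
    print(attempt_with_seed_copy(SEED, "password1", now))
    print(attempt_with_seed_copy(SEED, "correct horse battery staple", now))
```

In both runs `token_ok` is true, so the strength of the password alone determines `granted`.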

RSA (owned by EMC) is replacing the SecurID frobs with new ones with a different generating algorithm.  An open letter from RSA is posted here.

-gayn
