SecurID tokens that are widely used as part of a two-step authentication procedure may have been compromised. RSA Security, makers of SecurID and one of the country's leading security firms, has said that hackers "extracted" data related to SecurID.
In an open letter published on its web site, Executive Chairman Art Coviello said the company's security systems recently identified "an extremely sophisticated cyberattack in progress." The company said it responded with "a variety of aggressive measures," conducted an investigation, and has been working closely with authorities.
Advanced Persistent Threat
RSA said the attack, in the category of Advanced Persistent Threat, resulted in certain information being obtained by the hackers -- some of it "specifically related to RSA's SecurID" products. Advanced Persistent Threat is a term often applied to attacks believed to involve professional, organized hacking, such as attacks attributed to corporate espionage, other countries, or criminal organizations.
RSA, owned by EMC, is one of the world's leading security vendors, and its customers include banks, the military and other government agencies, and major medical organizations.
"While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers," Coviello wrote, "this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack."
RSA said it is "actively communicating" the situation to its customers, including providing steps that could strengthen SecurID implementation. It recommended that companies monitor their networks, as well as hacker or social-networking sites where confidential data might be distributed. No other RSA products appear to have been impacted, the company said.
'Breaking Into Fort Knox'
The SecurID two-factor authentication system utilizes a username/password combination, plus an authenticator, which is a small key chain dongle that generates a new six-digit number every 60 seconds. A software token determines the number that is generated, and, if the hackers obtained token information, they conceivably could re-create the generated numbers.
Both the password and the authenticator's number are required to enter secure environments set up to use this approach, which include VPNs, WLANs, e-mail, Windows desktops, servers and other resources. According to RSA's web site, this two-factor authentication system has a "20-year history of outstanding performance," and it's used by millions of customers.
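The sketch below is an added illustration, not part of the original article and not RSA's code. It shows why the token seed matters: the displayed number is a function of the seed and the clock only, so any copy of the seed yields the same number and the password is left as the one factor still protecting the login. The real SecurID algorithm is proprietary; the derivation here is a stand-in using the public HOTP/TOTP construction (RFC 4226/6238), and the seed, salt, password and record layout are constructed sample values.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # per the article: a new number every 60 seconds
DIGITS = 6         # per the article: a six-digit number


def token_code(seed: bytes, unix_time: int) -> str:
    """Code for the time step containing unix_time.

    Stand-in derivation (HOTP truncation over a time counter, RFC 4226/6238);
    the proprietary SecurID algorithm is not reproduced here.
    """
    counter = max(0, unix_time) // STEP_SECONDS
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, stretched password hash for the first factor."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def verify_login(record: dict, password: str, code: str, now: int, drift: int = 1) -> bool:
    """Server-side check: password AND a code from an accepted time step."""
    pw_ok = hmac.compare_digest(hash_password(password, record["salt"]), record["pw_hash"])
    code_ok = False
    for step in range(-drift, drift + 1):  # tolerate small clock drift
        expected = token_code(record["seed"], now + step * STEP_SECONDS)
        code_ok |= hmac.compare_digest(expected.encode(), code.encode())
    return pw_ok and code_ok


# Constructed sample data: the seed is the published RFC 4226 test key.
SEED = b"12345678901234567890"
SALT = b"constructed-salt"
RECORD = {"seed": SEED, "salt": SALT, "pw_hash": hash_password("correct horse", SALT)}

if __name__ == "__main__":
    now = 300
    copied_seed = bytes(SEED)  # a second holder of the same seed record
    print(token_code(SEED, now), token_code(copied_seed, now))  # identical codes
    # With the code factor reproducible, only the password decides the outcome.
    print(verify_login(RECORD, "wrong guess", token_code(copied_seed, now), now))
    print(verify_login(RECORD, "correct horse", token_code(copied_seed, now), now))
```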
Laura DiDio, an analyst with industry research firm Information Technology Intelligence Corp., likened the attack on RSA to "breaking into Fort Knox."
She said RSA appears to be providing remediation advice to its customers to the extent that it can, although it's not revealing what was stolen. In any event, DiDio said, this episode is bound to "rattle the confidence of those who have relied on this two-factor authentication."
DiDio said that, in addition to any steps recommended by RSA, this "wake-up call" is a good time for companies to review their security structure.
Posted: 2011-03-18 @ 11:55am PT
RSA SecurID is so yesteryear. Generate the six-digit number on the fly, send it in real time to the user's cell phone and expire it in 60 seconds. The window of opportunity for hackers is greatly reduced. PayPal uses this and banks too. RSA SecurID belongs in a museum.