On October 11th, 2011, Kim Zetter wrote for Wired on how the two hacker groups behind the breach of RSA Security were likely working for a government. RSA, a cybersecurity company that offers the widely used SecurID two-factor authentication product, announced last March that intruders had infiltrated its network and stolen information about SecurID. The SecurID process "adds an extra layer of protection to a login process by requiring users to enter a secret code number displayed on a keyfob, or in software, in addition to their password." RSA President Tom Heiser, in noting the sophistication of the breach, concluded that a nation-state had to be behind the attack.
The attackers infiltrated the network by using targeted phishing e-mails. A back-door application gave them access to RSA's network after an RSA employee clicked on an attachment contained within the e-mail. While in RSA's network, the attackers disguised their malicious activity so that it appeared to be legitimate. It's likely that the attackers were after information that would help them penetrate the networks of US defense contractors that used SecurID to authenticate their workers; news reports in May indicated that hackers had tried to use information stolen from RSA to breach Lockheed Martin's network.
The source article can be found here.