
RSA founders (left to right) Leonard Adleman, Adi Shamir, and Ron Rivest in the 1970s around the time when they created the cryptography algorithm.
Apparently even the security experts can't stay secure

It is always embarrassing when a security firm gets hacked.  But it's extraordinary and perhaps unprecedented when a senior firm behind one of the industry's top security standards gets hacked.

That's precisely what happened with RSA Security, which self-reported [press release] an intrusion and possible loss of data this week.

RSA Security was founded in 1982 by Ron Rivest, Adi Shamir, and Leonard Adleman, three top cryptographers who developed a new public-key cryptography algorithm.  The algorithm, RSA, was named after the initials of their last names, and the company took on that name as well.

It operated independently supporting the standard and providing security services up until 2006.  Along the way it acquired several smaller security startups.  Then in 2006 it was acquired by the EMC Corporation in a deal worth $2.1B USD.

Apparently having three top industry pioneers isn't an invulnerability charm, though.  RSA Security writes:

Recently, our security systems identified an extremely sophisticated cyber attack in progress being mounted against RSA. We took a variety of aggressive measures against the threat to protect our business and our customers, including further hardening of our IT infrastructure. We also immediately began an extensive investigation of the attack and are working closely with the appropriate authorities.

Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extracted from RSA's systems. Some of that information is specifically related to RSA's SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations. 

Despite believing that information was stolen, RSA assures its customers that their personal info and the security of the company's software products were not compromised.  Yet it goes on to advise clients to follow online advice to safeguard themselves against possible fallout from the data loss.

The company says it will assist its customers if they experience financial ramifications from the breach.  It also promises to "strengthen" its own and its clients' security in the wake of the incident.


Comments

RE: Good job RSA
By dgingeri on 3/18/2011 5:34:35 PM , Rating: 2
From my experiences, even acknowledging they had been attacked was a mistake. There are many (stupid) corporate executives that will run around screaming that RSA isn't safe anymore, and the company needs to move to something else, no matter if the attack was completely repelled. I've known far too many executives like this. ("I want to make sure my new laptop has Intel inside." gah, I hate stupid people.)

RE: Good job RSA
By jemix on 3/19/2011 12:03:16 AM , Rating: 5
It was actually very smart for RSA to announce this. By announcing this as they did, RSA communicated to the public exactly what they needed to in a controlled and thoughtful way. The alternative would have been that the hackers would have released the news on their terms and RSA would have had to scramble extremely fast to come up with a public response. The amount of time between the hackers leaking the news and RSA's response would have created so much negative speculation that it would have been devastating to RSA. Their products and reputation are built on 'trust' and they have maintained their trust as a result of their actions. "Well Done, RSA!"
