

RSA founders (left to right) Leonard Adleman, Adi Shamir, and Ron Rivest in the 1970s around the time when they created the cryptography algorithm.  (Source: USC.edu)
Apparently even the security experts can't stay secure

It is always embarrassing when a security firm gets hacked.  But it's extraordinary and perhaps unprecedented when a senior firm behind one of the industry's top security standards gets hacked.

That's precisely what happened with RSA Security, which self-reported [press release] an intrusion and possible loss of data this week.

RSA Security was founded in 1982 by Ron Rivest, Adi Shamir, and Leonard Adleman, three top cryptographers who developed a new public-key cryptography algorithm.  The algorithm, RSA, was named after their last initials, and the company took on that name as well.

It operated independently, supporting the standard and providing security services, up until 2006.  Along the way it acquired several smaller security startups.  Then in 2006 it was acquired by the EMC Corporation in a deal worth $2.1B USD.

Apparently having three top industry pioneers isn't an invulnerability charm, though.  RSA Security writes:

Recently, our security systems identified an extremely sophisticated cyber attack in progress being mounted against RSA. We took a variety of aggressive measures against the threat to protect our business and our customers, including further hardening of our IT infrastructure. We also immediately began an extensive investigation of the attack and are working closely with the appropriate authorities.

Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extracted from RSA's systems. Some of that information is specifically related to RSA's SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations. 

Despite believing that information was stolen, RSA assures its customers that their personal info and the security of the company's software products were not compromised.  Yet it goes on to advise clients to follow online advice to safeguard themselves against possible fallout from the data loss.

The company says it will assist its customers if they experience financial ramifications from the breach.  It also promises to "strengthen" its own and its clients' security in the wake of the incident.

 




RE: Good job RSA
By jemix on 3/19/2011 12:03:16 AM, Rating: 5
It was actually very smart for RSA to announce this. By announcing this as they did, RSA communicated to the public exactly what they needed to in a controlled and thoughtful way. The alternative would have been that the hackers would have released the news on their terms and RSA would have had to scramble extremely fast to come up with a public response. The amount of time between the hackers leaking the news and RSA's response would have created so much negative speculation that it would have been devastating to RSA. Their products and reputation are built on 'trust' and they have maintained their trust as a result of their actions. "Well Done, RSA!"


Copyright 2014 DailyTech LLC.