backtop


Print 10 comment(s) - last by borismkv.. on Jun 10 at 2:19 PM


RSA has offered to replace customers' SecurIDs after they were compromised by a recent data breach. The breach is believed to be part of a foreign espionage attempt.  (Source: Michael Lu)

Spies used the information to penetrate the servers of the U.S.'s largest defense contractor, Lockheed Martin, last month.  (Source: Reuters/Mick Tsikas)
Old dongles likely have been compromised

Most people have never seen them, but little USB-like dongles called "SecurIDs" have played a crucial role in protecting some of our nation's most valuable information.  Designed by RSA Security, a subsidiary of EMC Corp. (EMC), the dongles generate a string of numbers ever 30 to 60 seconds that acts a one-time password.  

Users must enter both their pin (traditional password) and the number shown within a narrow time window in order to log in to a secure connection.  The approach is designed to protect both against keylogging attempts to steal passwords and against traditional brute force attacks that try to "guess" at the password.

The scheme was sound -- until RSA Security's servers were breached in a hack that was believed to be an act of foreign espionage.

Mid last month, hackers used the stolen information to compromise the security codes and remotely enter servers belonging to Lockheed Martin Corp. (LMT), the U.S. government's top information technology services provider, and major supplier of heavy armaments

The hack shocked the U.S. defense community.  Sources close to the Lockheed Martin say that it is believed to have originated from a familiar source -- China -- though the U.S. State Department, U.S. Department of Defense, and Lockheed Martin itself have yet to officially comment.

China has been trying for years to steal information on the U.S. government's stealth jet program, according to some officials.  Most of these efforts consisted of buying the wreckage of crashed U.S. fighters, but some believe China is also looking to the internet for new intelligence on various U.S. weapons programs.

Fortunately, sources say that Lockheed Martin did not store critical stealth fighter information on its internet connected servers.  Nonetheless, foreign sources may have been able to obtain other information that was housed on Lockheed Martin's internet-accessible servers.

In a letter to its customers, RSA acknowledges that the information stolen from RSA's servers was likely used to compromise the keys breach Lockheed Martin's security.  Writes the company:

Certain characteristics of the attack on RSA indicated that the perpetrator's most likely motive was to obtain an element of security information that could be used to target defense secrets and related (intellectual property).

RSA has offered to replace customers' SecurIDs free of charge, to prevent similar intrusions.  The new dongles should be safe, as RSA believes the underlying algorithm remains sound and unbroken. 

Previously RSA would only say that customers might want to prepare for the ramifications of the breach.  Many observers expressed credulity at first that the stolen information was used in the Lockheed Martin intrusion, given the encryption format's prestigious reputation.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: Layered Defense
By borismkv on 6/10/2011 2:19:41 PM , Rating: 2
No it isn't. RSA tokens allow two factor authentication. That's *one* layer of defense. Utilizing real time monitoring and alerting, rights management systems, encryption, Intrusion Prevention systems, and proper ACL management are other layers. Having crappy internal security with a high powered authentication system is just negligence.


"Young lady, in this house we obey the laws of thermodynamics!" -- Homer Simpson














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki