
RSA chairman admits that SecurID was responsible for Lockheed Martin breach


RSA has confirmed that its SecurID was compromised following the breach earlier this year.

In an open letter, RSA executive chairman Art Coviello confirmed on 2nd June that ‘information taken from RSA in March had been used as an element of an attempted broader attack on Lockheed Martin’. Lockheed Martin has stated that the attack was thwarted and no sensitive information was intercepted.

He said: “It is important for customers to understand that the attack on Lockheed Martin does not reflect a new threat or vulnerability in RSA SecurID technology. Indeed, the fact that the only confirmed use to date of the extracted RSA product information involved a major US defence contractor only reinforces our view on the motive of this attacker.

“We remain highly confident in the RSA SecurID product as the leading multi-factor authentication solution and we also feel strongly that the specific remediations we have provided to customers will help to deliver the highest levels of customer protection.”

Coviello pointed to attacks on Epsilon, Sony, Gmail, PBS and Nintendo, saying that while the attacks are totally unrelated to the breach at RSA, they do point to a changing threat landscape and have heightened public awareness and customer concern.

However, following the Lockheed Martin attack, Coviello said that RSA recognised the increasing frequency and sophistication of cyber attacks generally and that recent announcements ‘may reduce some customers’ overall risk tolerance’.

Therefore, RSA is offering to replace SecurID tokens for customers ‘with concentrated user bases typically focused on protecting intellectual property and corporate networks’. It will also offer to implement risk-based authentication strategies for consumer-focused customers with a large, dispersed user base, who are typically focused on protecting web-based financial transactions.

“We will continue to work with all customers to assess their unique risk profiles and user populations and help them understand which options may be most effective and least disruptive to their business and their users,” he said.

“As the leader in authentication solutions, our goal is to ensure that this growing threat environment does not impede the tremendous potential and opportunity of a trusted digital world. We believe that SecurID is the most powerful multi-factor authentication solution in the industry. Our customers remain our first priority.” 

Blogger Jacob Appelbaum said on his Twitter feed: “The RSA token compromise pretty much settles the ‘if we don't disclose the attackers won't know what to do’ debate.”

Ori Eisen, founder and chief innovation officer at 41st Parameter, said: “These breaches prove how extremely adept certain elements have become at acquiring credentials for targets they want to penetrate.

“Authentication solutions are not instrumented to intuit when a seemingly perfect access request is actually corrupted. Designed to spot an impostor's ‘tells’, fraud detection provides an additional layer of scrutiny, ensuring those who gain access with ostensibly good credentials really are who they portend to be.”

Dale G Peterson wrote on his blog that with the stolen SecurID data being used, there are questions on who is using it, who are their targets and are they selling the data? “For example, if you wanted to attack utility x, can you buy the SecurID data related to their tokens? This combined with a targeted phishing attack may be enough to get an adversary into the control centre with administrator credentials.

“For owner/operators that have secure remote access always on, it is time to look at and consider other authentication options besides the currently deployed SecurID tokens. The number of remote users is minimal, or at least they should be, so the change would not be massive like issuing new tokens or another solution to the entire company.

“If a small expenditure in time and money would remove the risk of the RSA compromise, it should be considered. Organisations that are high profile targets are at a higher risk and therefore have more incentive to change.”

Mike Smart, solutions director EMEA at SafeNet, said that organisations need to get new tokens soon, but this leaves them open to additional risk down the road.

He said: “Given how these breaches have hinged on the theft of the seed data, customers may be revisiting this fire drill again in the near future. Some one-time password (OTP) platforms can be inflexible and customers fear that a migration is a pain-filled process. In the near term, customers can trade tokens for tokens but should migrate to platforms that provide them better migration capability and technology flexibility.

“It is not enough to just buy a token and rely on the vendor to guarantee you are protected. Network administrators guarding sensitive data must take ownership of their authentication management and OTP issuance as this removes the risk associated with vendor managed solutions.

“Customers would be advised to migrate to solutions which put them in control, offering capabilities like self-provisioning and de-provisioning of tokens.

“Everyone knows that there will be some near term pain involved in switching out vulnerable tokens, but the wise traveller plans for the road ahead. My advice is to treat this unexpected event as an opportunity to prepare your organisation for the future.”

