RSA's SecurID Hack Leads to Lockheed Network Disruption

Friday, May 27, 2011



Security expert Robert Cringely has posted a troubling article asserting that the recent network disruption at defense contractor Lockheed is the result of compromised security tokens issued by the recently breached security vendor RSA.

Word is that Lockheed disabled its employees' remote access privileges while the company issued new RSA SecurID tokens to all telecommuting workers, and required all employees with network access to change their passwords.

In mid-March, RSA, the security division of EMC, announced it had suffered a breach stemming from an attack on its network systems.

What little information is available indicates that the hackers targeted proprietary information related to RSA's SecurID two-factor authentication systems.

"It seems likely that whoever hacked the RSA network got the algorithm for the current tokens and then managed to get a key-logger installed on one or more computers used to access the intranet at this company. With those two pieces of information they were then able to get access to the internal network," Cringely writes.

RSA's SecurID is a product designed to prevent unauthorized access to enterprise network systems, and exposure of proprietary information about the product could in turn make RSA's clients more vulnerable to hacks themselves.

"The good news here is that the contractor was able to detect an intrusion then did the right things to deal with it. A breach like this is very subtle and not easy to spot. There will be many aftershocks in the IT world from this incident," said Cringely.

While few details have ever been released that could give analysts an understanding of the scope and impact of the RSA breach, the unauthorized access to sensitive material regarding SecurID could still have widespread impact.

RSA's customers include government, military, financial, enterprise, healthcare and insurance companies.

"But is this the only such instance of a major corporate network break-in? The very fact that we haven’t heard anything about this (I hadn’t, had you?) makes me think this probably ISN’T the first such network penetration from the recent RSA hack… or the last," Cringely postulates.


Robb Reck This is really scary stuff. Should RSA tokens no longer be considered a second authentication factor? Time to start buying Phone Factor or something?