The attack on systems of RSA in which information about the functioning of the SecurID sleutelgenerators was captured, is to be traced back to two groups. That allows RSA’s executive chairman Art Coviello. A government would be behind the attack sit.
The hack on the systems of RSA in march is back to lead to two groups, sets, Art Coviello, who the daily management of the company. When the attack was information about the functioning of the SecurID sleutelgenerators captured. SecurID sleutelgenerators be used for two-factor-authentication, which, in addition to a password, a randomly generated cryptographic key must be entered, and there are both software and in hardwarevorm. At the RSA Conference in London, where Tweakers.net present, gifts Coviello and medetopman Tom Heiser more information about the SecurID hack.
The two groups would be in command of a state have acted. According to Coviello, indicate the severity of the attack and the ‘sophisticated’ way in which this is carried out thereon, as well as the tools that hackers have had access to. Also would information of the American investigation point to the involvement of a foreign government. Coviello would not say to which country it would go, but already it is suspected that the Chinese government is behind this attack.
The two groups would be identified by the way they work and are acquaintances of the authorities, but it was not yet known that they were working together. “When the attack stopped, one group the other hand, over the head,” said Heiser. The attack of the one group was ‘present and visible’, while the other group in secret are going. The attackers would have known how the RSA network.
It is still unknown what information, exactly, is captured during the attack. Heiser and Coviello to say that that remains a secret, because there is an investigation. Both of them want to also do not indicate how many sleutelgenerators had to be replaced after the security incident. “But I can say that it is a relatively small number was,” says Coviello. “And in the meantime, all the generators that had to be replaced, actually replaced.” Earlier, it was just in the news that a large part of the used tokens would be replaced.
According to Heiser was RSA was not the target of the attack, but a means to somewhere else. The hackers would, however, not enough information have had to attack. “There is only one aanvalspoging on another company and that was without success,” says Heiser. As possible goes to aircraft manufacturer Lockheed Martin in may with security issues faced, and remote access to its network off.
“In the attack were two phishing emails used to come in to the company,” says Heiser. It was already known that phishing was used to; security company F-Secure claimed to have placed on the relevant e-mail. The hackers, according to F-Secure an Excel file with a malicious Flash object used to come in. RSA provides only that an Excel file is used.
RSA received from his customers criticism because the company immediately after the leak was discovered to the media stepped in. “At that time, however, this was the right decision,” says Heiser. Customers said they prefer to advance, to be informed, but that would be an overwhelming operation. “We have tens of thousands of customers,” said the ceo.
