Last Updated on May 26, 2011
05/27 Update: Several Sources report that the “large U. S. Defense contractor” hit by the alleged compromised seeds attack could be Lockheed Martin.
It was only a matter of time… And not only of the time necessary to synchronize the RSA Algorithm…
A bolt from the blue! Source report some details of the alleged first attack to a very large U. S. Defense contractor perpetrated by mean of compromised RSA seeds.
Late on Sunday all remote access to the internal corporate network was disabled. All workers were told was that it would be down for at least a week. Folks who regularly telecommute were asked to come into nearby offices to work. Then earlier today (Wednesday) came word that everybody with RSA SecureID tokens would be getting new tokens over the next several weeks. Also, everybody on the network (over 100,000 people) would be asked to reset their passwords, which means admin files have probably been compromised.
It seems likely that whoever hacked the RSA network got the algorithm for the current tokens and then managed to get a key-logger installed on one or more computers used to access the intranet at this company. With those two pieces of information they were then able to get access to the internal network.
Fortunately the contractor was able to detect the breach and to manage it, avoiding worst consequences.
But many questions remain unsolved: was this the first attempt? Were all the seeds compromised during the famous breach? For Sure it will not be the last and my sixth sense and one half thinks we will have to get used to this kinds of attacks.
As I told in previous post I am more and more convinced that the final target of the attack was not RSA…
Related articles
- Some Random Thoughts On RSA Breach (paulsparrows.wordpress.com)
- What do RSA, Epsilon and Sony breaches have in common? (paulsparrows.wordpress.com)
Pingback: Exclusive Infographic: all Cyber Attacks on Military Aviation and Aerospace Industry « The Aviationist
Pingback: Phoning Home to China « Il Blog di Paolo Passeri
Pingback: APTs and Security Information Management « Il Blog di Paolo Passeri
Pingback: Finally I Saw One! « Il Blog di Paolo Passeri
Pingback: Antisec hacks another Defense Contractor? « Il Blog di Paolo Passeri
Pingback: The Two Faces of Hacking « Il Blog di Paolo Passeri
Pingback: The Mother Of All Breaches « Il Blog di Paolo Passeri
Pingback: Another One Bytes The Dump « Il Blog di Paolo Passeri
Pingback: 2011 Cyber Attacks (and Cyber Costs) Timeline (Updated) « Il Blog di Paolo Passeri
Pingback: Another Breach In The Wall « Il Blog di Paolo Passeri
Pingback: (IN)SecureID « Il Blog di Paolo Passeri
Pingback: More Random Thoughts on the RSA Breach « Il Blog di Paolo Passeri
Pingback: Some Random Thoughts On RSA Breach « Il Blog di Paolo Passeri