Security firm learns limits of security tech

Apr 06, 2011 By JORDAN ROBERTSON , AP Technology Writer

(AP) -- Top-level data breaches often start at the bottom of the ladder. That's a lesson RSA, one of the world's premier computer security firms, learned the hard way.

The company is best known for its small security "tokens" that generate secondary passwords for accessing sensitive networks. Three weeks ago, the company disclosed that hackers had infiltrated RSA's own network in an "extremely sophisticated" attack, and made off with data that RSA still has yet to specify.

The break-in was alarming because of the breadth of RSA's business, and because it's rare to hear of a severe breach at a key .

Speculation is mounting about what was stolen. One possibility is that the attackers made off with the codes for how the tokens' passwords are generated, which would be serious for the military and banks and other institutions that use them.

Meanwhile, RSA has revealed a few details about how the attack happened.

The explanation is a reminder of how vulnerable a company can be when workers are hoodwinked, never mind that they're surrounded by cutting-edge hacking protections.

RSA, a division of leader EMC Corp., says the intruders got in by exploiting a flaw in the ubiquitous Adobe , and the gullibility of a worker who opened an infected spreadsheet inside an e-mail that carried the subject line "2011 Recruitment plan."

The Flash vulnerability was a so-called "zero day" flaw that hackers found before the , so it had no chance to fix it with an update. RSA says the flaw is now fixed.

"In our case the attacker sent two different phishing emails over a two-day period," RSA said in a blog post. "These emails were sent to two small groups of employees. When you look at the list of users that were targeted, you don't see any glaring insights; nothing that spells high profile or high value targets."

Once the worker's computer was infected, the attackers used it as a launching pad to hunt through the corporate network for users with more access to sensitive data. RSA would only say that even though the company caught the attack in progress, "there was time for the attacker to identify and gain access to more strategic users."

Many sophisticated breaches happen just as RSA's did. The fact that a company that makes some of the most widely used anti-hacking technology could itself be hacked should serve as a reminder of the limits of security technology in the face of previously unknown software bugs and expertly crafted scam e-mails. EMC, however, said it's rare to catch such an attack in progress, which it suggested speaks to the capabilities of the protections it has in place.

Apart from the hackers, there was another winner in the ordeal.

This week, EMC announced that it was buying Virginia-based NetWitness Corp., a network security firm that helped RSA detect the breach. It's led by Amit Yoran, the former director of the U.S. Department of Homeland Security's cybersecurity division.

Explore further: Twitpic to stay alive with new owner

5 /5 (1 vote)
add to favorites email to friend print save as pdf

Related Stories

EMC's anti-hacking division hacked

Mar 18, 2011

The world's biggest maker of data storage computers on Thursday said that its security division has been hacked, and that the intruders compromised a widely used technology for preventing computer break-ins.

Recommended for you

Facebook dressed down over 'real names' policy

Sep 17, 2014

Facebook says it temporarily restored hundreds of deleted profiles of self-described drag queens and others, but declined to change a policy requiring account holders to use their real names rather than drag names such as ...

Yelp to pay US fine for child privacy violation

Sep 17, 2014

Online ratings operator Yelp agreed to pay $450,000 to settle US charges that it illegally collected data on children, in violation of privacy laws, officials said Wednesday.

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

frajo
not rated yet Apr 07, 2011
the intruders got in by exploiting a flaw in the ubiquitous Adobe Flash software, and the gullibility of a worker who opened an infected spreadsheet inside an e-mail
Obviously this "security firm" was/is working with generally available software. With software that automatically enables Adobe Flash. With software that allows one to open spreadsheets from within an email. With software that allows the infection of the OS with hostile and active additions that allow the attackers "to hunt through the corporate network".

I'm impressed. While I don't run a security firm and I'm not in any way engaged in the security software business these things simply can't happen on my LAN.
Adobe Flash is not working by default; spreadsheets cannot be opened from within emails; spreadsheet infections cannot be activated on my OSs. None of the existing executable, DLL, and/or registry malware can have any effect on my machines.

So why is a "security firm" using standard OSs on its PCs?