Security firm learns limits of security tech

Apr 06, 2011 By JORDAN ROBERTSON, AP Technology Writer

(AP) -- Top-level data breaches often start at the bottom of the ladder. That's a lesson RSA, one of the world's premier computer security firms, learned the hard way.

The company is best known for its small security "tokens" that generate secondary passwords for accessing sensitive networks. Three weeks ago, the company disclosed that hackers had infiltrated RSA's own network in an "extremely sophisticated" attack, and made off with data that RSA still has yet to specify.

The break-in was alarming because of the breadth of RSA's business, and because it's rare to hear of a severe breach at a key .

Speculation is mounting about what was stolen. One possibility is that the attackers made off with the codes for how the tokens' passwords are generated, which would be serious for the military and banks and other institutions that use them.

Meanwhile, RSA has revealed a few details about how the attack happened.

The explanation is a reminder of how vulnerable a company can be when workers are hoodwinked, never mind that they're surrounded by cutting-edge hacking protections.

RSA, a division of leader EMC Corp., says the intruders got in by exploiting a flaw in the ubiquitous Adobe Flash software, and the gullibility of a worker who opened an infected spreadsheet inside an e-mail that carried the subject line "2011 Recruitment plan."

The Flash vulnerability was a so-called "zero day" flaw that hackers found before the , so it had no chance to fix it with an update. RSA says the flaw is now fixed.

"In our case the attacker sent two different phishing emails over a two-day period," RSA said in a blog post. "These emails were sent to two small groups of employees. When you look at the list of users that were targeted, you don't see any glaring insights; nothing that spells high profile or high value targets."

Once the worker's computer was infected, the attackers used it as a launching pad to hunt through the corporate network for users with more access to sensitive data. RSA would only say that even though the company caught the attack in progress, "there was time for the attacker to identify and gain access to more strategic users."

Many sophisticated breaches happen just as RSA's did. The fact that a company that makes some of the most widely used anti-hacking technology could itself be hacked should serve as a reminder of the limits of security technology in the face of previously unknown software bugs and expertly crafted scam e-mails. EMC, however, said it's rare to catch such an attack in progress, which it suggested speaks to the capabilities of the protections it has in place.

Apart from the hackers, there was another winner in the ordeal.

This week, EMC announced that it was buying Virginia-based NetWitness Corp., a network security firm that helped RSA detect the breach. It's led by Amit Yoran, the former director of the U.S. Department of Homeland Security's cybersecurity division.


User comments : 1


Apr 07, 2011
"the intruders got in by exploiting a flaw in the ubiquitous Adobe Flash software, and the gullibility of a worker who opened an infected spreadsheet inside an e-mail"
Obviously this "security firm" was/is working with generally available software. With software that automatically enables Adobe Flash. With software that allows one to open spreadsheets from within an email. With software that allows the infection of the OS with hostile and active additions that allow the attackers "to hunt through the corporate network".

I'm impressed. While I don't run a security firm and I'm not in any way engaged in the security software business these things simply can't happen on my LAN.
Adobe Flash is not working by default; spreadsheets cannot be opened from within emails; spreadsheet infections cannot be activated on my OSs. None of the existing executable, DLL, and/or registry malware can have any effect on my machines.

So why is a "security firm" using standard OSs on its PCs?
