Security firm learns limits of security tech

April 6, 2011 By JORDAN ROBERTSON, AP Technology Writer

(AP) -- Top-level data breaches often start at the bottom of the ladder. That's a lesson RSA, one of the world's premier computer security firms, learned the hard way.

The company is best known for its small security "tokens" that generate secondary passwords for accessing sensitive networks. Three weeks ago, the company disclosed that hackers had infiltrated RSA's own network in an "extremely sophisticated" attack, and made off with data that RSA still has yet to specify.

The break-in was alarming because of the breadth of RSA's business, and because it's rare to hear of a severe breach at a key .

Speculation is mounting about what was stolen. One possibility is that the attackers made off with the codes for how the tokens' passwords are generated, which would be serious for the military and banks and other institutions that use them.

Meanwhile, RSA has revealed a few details about how the attack happened.

The explanation is a reminder of how vulnerable a company can be when workers are hoodwinked, never mind that they're surrounded by cutting-edge hacking protections.

RSA, a division of leader EMC Corp., says the intruders got in by exploiting a flaw in the ubiquitous Adobe Flash software, and the gullibility of a worker who opened an infected spreadsheet inside an e-mail that carried the subject line "2011 Recruitment plan."

The Flash vulnerability was a so-called "zero day" flaw that hackers found before the , so it had no chance to fix it with an update. RSA says the flaw is now fixed.

"In our case the attacker sent two different phishing emails over a two-day period," RSA said in a blog post. "These emails were sent to two small groups of employees. When you look at the list of users that were targeted, you don't see any glaring insights; nothing that spells high profile or high value targets."

Once the worker's computer was infected, the attackers used it as a launching pad to hunt through the corporate network for users with more access to sensitive data. RSA would only say that even though the company caught the attack in progress, "there was time for the attacker to identify and gain access to more strategic users."

Many sophisticated breaches happen just as RSA's did. The fact that a company that makes some of the most widely used anti-hacking technology could itself be hacked should serve as a reminder of the limits of security technology in the face of previously unknown software bugs and expertly crafted scam e-mails. EMC, however, said it's rare to catch such an attack in progress, which it suggested speaks to the capabilities of the protections it has in place.

Apart from the hackers, there was another winner in the ordeal.

This week, EMC announced that it was buying Virginia-based NetWitness Corp., a network security firm that helped RSA detect the breach. It's led by Amit Yoran, the former director of the U.S. Department of Homeland Security's cybersecurity division.


1 comment

Apr 07, 2011
"the intruders got in by exploiting a flaw in the ubiquitous Adobe Flash software, and the gullibility of a worker who opened an infected spreadsheet inside an e-mail"
Obviously this "security firm" was/is working with generally available software. With software that automatically enables Adobe Flash. With software that allows one to open spreadsheets from within an email. With software that allows the infection of the OS with hostile and active additions that allow the attackers "to hunt through the corporate network".

I'm impressed. While I don't run a security firm and I'm not in any way engaged in the security software business these things simply can't happen on my LAN.
Adobe Flash is not working by default; spreadsheets cannot be opened from within emails; spreadsheet infections cannot be activated on my OSs. None of the existing executable, DLL, and/or registry malware can have any effect on my machines.

So why is a "security firm" using standard OSs on its PCs?
