In an open letter, Art Coviello, the executive chairman of RSA (the security division of EMC), made public the fact that the company has suffered a breach and data loss following an “extremely sophisticated cyber attack.”
Categorizing the attack as an Advanced Persistent Threat – a term that is often associated with corporate espionage and state sponsored attacks – he said that their investigation revealed that the information extracted from the company systems is related to its SecurID two-factor authentication products, which are widely used by government agencies, private companies and other large organizations to add an additional layer of security for when employees log into their companies’ networks.
“While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack,” said Coviello. “We have no evidence that customer security related to other RSA products has been similarly impacted. We are also confident that no other EMC products were impacted by this attack.”
He made sure to point out that customer or employee personally identifiable information has not been compromised, and that they are working with their customers to strengthen the security of their IT systems.
No further details about the incident have been revealed at this time, since the investigation is also mounted by the authorities – very likely by government security agencies. The lack of definite information has resulted in widespread speculation on the Internet.
According to ZDNet, security expert Dan Kaminsky says that it is not impossible that the database that links SecurID serial numbers to seeds (card’s factory-encoded random key) has been compromised, which would mean that the attackers would be able to know all generated tokens at any given time and even know which organizations are using them.
Until more details are known, he advises administrators to be on the lookout for unusual use of SecurID on external-facing interfaces.
RSA also issued a set of rather broad recommendations for its customers, but offered no specific details about the compromise.
EMC says it doesn’t expect the company to suffer any financial repercussions following the breach, but it seems a little too optimistic since SecurID currently commands around 70% of the two-factor authentication market, and is a major source of revenue for RSA.