RSA has finally admitted publicly that the March breach of its systems has resulted in the compromise of its SecurID two-factor authentication tokens.
The admission comes in the wake of cyber intrusions into the networks of three US military contractors: Lockheed Martin, L-3 Communications and Northrop Grumman – one of the intrusions confirmed by the affected company, the others only hinted at by internal warnings and an unusual domain-name and password reset process.
RSA’s Chairman Art Coviello has stated that the company is offering virtually all of its customers either replacement SecurID tokens or security monitoring services. For financial institutions, RSA is also offering transaction monitoring.
No additional details have been given about what the attackers stole that allows them to misuse the tokens, but it seems likely that both the seeds that link every token to a specific account and the algorithm that calculates the numeric sequence generated by the token have been compromised. Together, the two are all a token contains: anyone holding a token’s seed and the algorithm can compute the same codes the token displays, at any time, without ever touching the device.
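To make the seed-plus-algorithm point concrete, here is an added illustration that is not part of the original article and is not RSA’s SecurID algorithm (which is proprietary and not published). It uses the generic RFC 4226/6238 HOTP/TOTP construction as a stand-in: a shared secret seed and a public algorithm produce a time-dependent code. The serial-to-seed “seed record” layout, the 60-second rotation, the serial number and the timestamp are assumptions made for the example. It shows that an attacker holding a leaked copy of the seed records predicts every code exactly, and that issuing a new seed (the token replacement RSA is offering) is what makes the leaked copy useless.

```python
import hashlib
import hmac
import struct

# Added example: generic RFC 4226/6238 OTP, used only to model the
# seed-plus-algorithm design. NOT RSA's SecurID algorithm. The 60-second
# step and the serial-keyed seed-record layout are assumptions.

DIGITS = 6
STEP_SECONDS = 60  # assumption: one code per minute


def hotp(seed: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over a 64-bit big-endian counter, then
    dynamic truncation to a `digits`-long decimal string."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(seed: bytes, unix_time: int, step: int = STEP_SECONDS,
         digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from wall-clock time."""
    return hotp(seed, unix_time // step, digits)


# Constructed sample data: the vendor's seed records, keyed by token serial.
# The seed is the RFC 4226/6238 test key so the output can be checked
# against the published test vectors.
SEED_RECORDS = {
    "000123456789": b"12345678901234567890",
}


def token_display(serial: str, unix_time: int, records=SEED_RECORDS) -> str:
    """What the physical token shows at this instant."""
    return totp(records[serial], unix_time)


def attacker_prediction(leaked_records: dict, serial: str, unix_time: int) -> str:
    """An attacker who exfiltrated the seed records and knows the algorithm
    computes the very same code for any time, without touching the token."""
    return totp(leaked_records[serial], unix_time)


def reseed(serial: str, new_seed: bytes, records: dict) -> dict:
    """Mitigation modelled on the token-replacement offer: a fresh seed for
    the serial, shared only by the new token and the server. Returns the
    updated record set; the old (leaked) records are left untouched."""
    updated = dict(records)
    updated[serial] = new_seed
    return updated


def demo() -> dict:
    serial = "000123456789"
    now = 1_300_000_000          # constructed timestamp
    leaked = dict(SEED_RECORDS)  # the copy the attacker walked away with

    before = {
        "token": token_display(serial, now),
        "attacker": attacker_prediction(leaked, serial, now),
    }
    # After replacement, the legitimate token and the server share a new seed;
    # the attacker is still computing from the leaked one.
    fresh = reseed(serial, b"a-new-seed-never-seen-by-the-attacker", SEED_RECORDS)
    after = {
        "token": token_display(serial, now, records=fresh),
        "attacker": attacker_prediction(leaked, serial, now),
    }
    return {"before": before, "after": after}


if __name__ == "__main__":
    result = demo()
    print("before reseed:", result["before"])  # token and attacker agree
    print("after reseed: ", result["after"])   # they no longer agree
```

The check a practitioner can run against this model is the RFC 6238 test vector: with the key above, time 59 and a 30-second step, the code is 287082. The point of the `reseed` step is that nothing short of a new seed helps; rotating PINs or passwords on the protected systems does not change what a stolen seed lets the attacker compute.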
Security experts are dissatisfied with RSA’s failure to reveal the exact nature of the stolen information, saying that this silence enabled the subsequent breaches and left customers unaware of the real danger. Coviello defended the company’s decision by saying that it did not want to show the attackers how to mount further attacks.
According to the WSJ, the investigation into the RSA attack has indicated that the attackers might target defense contractors, but it is unclear whether that finding came before or after those attacks had already begun. RSA has apparently begun working with the contractors to prevent intrusions, but – at least for Lockheed Martin – the help did not come in time.
After the breach, Lockheed Martin said that its systems remain secure and that no customer, program or employee personal data has been compromised, but there are those who doubt it.
RSA is expected to replace practically every one of the 40 million SecurID tokens currently in use.