“RSA was hacked in March. This was one of the biggest hacks in history.”
The device known as the RSA SecureID is widely relied on in big business and government. It is used to securely authorize users so as to prevent unauthorized access to sensitive networks and services. For years it has been the ‘gold standard’ , and considered to be highly secure and reliable.
But then one day this past March, it was revealed that the encryption used to make the devices secure had been compromised. All of the many users of the devices had to be issued replacement devices, and in the mean time it is possible that there were many security breaches as a result of the compromise.
This was what is considered an ‘advanced’ attack. An unknown party, very likely backed by a foreign government or military, blasted the company that makes the devices with an email that looked legitimate and contained an attachment, an excel spreadsheet. That excel spreadsheet was specially crafted to make use of an at that time unpatched vulnerability in Excel, so when the right user with the right type of access opened that attachment, the attackers were able to gain access to what were supposed to be secured systems. Once they had that access, they used it to gain other access, which ultimately led to them finding the secret information needed to ‘crack’ the device’s encryption.
There are many lessons to learn from all this, but one of the clearest is this: Be extra careful opening email attachments! Technology is a dangerous world and it pays to be cautious. At a minimum, if you are sent an attachment from someone you don’t recognize, don’t open it!
For more technical info on the hack and how it was tracked down, check out http://www.f-secure.com/weblog/archives/00002226.html
Categorized in: Code
Comments are closed.
WebSight Design is a Bay Area web design and development firm started in 1995. We build and manage websites for large corporations, as well as small and mid-size businesses looking to expand their reach. We specialize in search engine optimization, social media management, hosting, mobile development, and more.
Contact us today to see how WSD can take your business to the next level with our wide range of design, development, and internet marketing services.