RSA Hacked; SecurID Customers At Risk?


RSA customers could be at risk after the company's two-factor SecurID tokens fell victim to what it's calling sophisticated cyber-attack.

Art Coviello, executive chairman of Bedford, Mass.-based RSA, the security arm of EMC, told customers in an open letter this week that RSA had recently identified an attack in progress against RSA and its investigation revealed that an Advanced Persistent Threat (APT) was carried out against the company and information specifically related to RSA's SecurID two-factor authentication products was extracted.

Two-factor authentication is the process where users provide two independent identifying factors to obtain access to systems. In the case of SecurID, the two authentication factors would be a password and a physical token. RSA's SecurID products are used on PCs, USB drives and other devices for an extra layer of security that goes beyond user names and passwords to grant access to systems.

Coviello wrote that it does not appear that any customers were attacked, but that the data gathered could be used to weaken the defense provided by SecurID products.

"While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack," Coviello wrote in the letter detailing the attack on RSA's SecurID offering. "We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations."

The attack comes roughly a month after RSA hosted its annual RSA Conference, which has become the de facto IT security conference in the nation.

Coviello wrote that there is no evidence that any customer security related or other RSA products have been victims of the attack. No EMC products were affected, Coviello added.

"It is important to note that we do not believe that either customer or employee personally identifiable information was compromised as a result of this incident."

Coviello said RSA will mount a full court press to ensure that it provides its SecurID customers tools, processes and support needed to bulk up their systems in the face of the attack. RSA's partners will play a key role.

"Our full support will include a range of RSA and EMC internal resources as well as close engagement with our partner ecosystems and our customers' relevant partners," Coviello wrote.

NEXT: RSA SecurID Attack > Customer Next Steps