SecurID - Used by 30,000 Organizations and 40 Million People - Sees Security Reliability Partially Compromised

Customers told to tighten up security practices and monitor their IT systems


News reports surfaced last night and this morning that SecurID, the major two-factor authentication security product of RSA (which is the security division of the EMC Corporation), has been the target of a sophisticated cyber attack.

As described by the Boston Globe this morning:

"SecurID is used by 40 million people in 30,000 organizations worldwide, including banks and government agencies... SecurID randomly generates a number once a minute, displaying it on a small device carried by a user. To gain entry to a computer network protected by SecurID, the user must type in this number, along with a traditional password."

EMC outlined the attack in an 8-K filing with the US Securities and Exchange Commission (SEC) late yesterday. In the filing, EMC wrote that:

"Recently EMC’s security systems identified an extremely sophisticated cyber attack in progress, targeting our RSA business unit. We took a variety of aggressive measures against the threat to protect our business and our customers, including further hardening of our IT infrastructure. We also immediately began an extensive investigation of the attack and are working closely with the appropriate authorities."

"Our investigation has revealed that the attack resulted in certain information being extracted from RSA’s systems. Some of that information is related to RSA’s SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack."

Arthur Coviello, Jr., Executive Chairman of RSA, further elaborated on the situation in an open letter to RSA customers:

"Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT)... We have no evidence that customer security related to other RSA products has been similarly impacted. We are also confident that no other EMC products were impacted by this attack. It is important to note that we do not believe that either customer or employee personally identifiable information was compromised as a result of this incident... We regret any inconvenience or concern that this attack on RSA may cause for customers."

RSA has issued nine recommendations to its customers to deal with the risk posed by the hacking attempt. These are aimed at tightening up organizational security practices, watching for signs of a possible security breach such as unusual changes in user privileges and access rights, and "harden[ing], closely monitor, and limit remote and physical access to infrastructure that is hosting critical security software."

EMC, in its SEC filing, said that based on what it knows now:

"EMC does not believe that the matter described in the letter and note will have a material impact on its financial results."

If a successful hack of SecurID is reported, expect that to change considerably.
