
News reports surfaced last night and this morning that SecurID, the major two-factor authentication security product of RSA (which is the security division of the EMC Corporation), has been the target of a sophisticated cyber attack.

As described by the Boston Globe this morning:

"SecurID is used by 40 million people in 30,000 organizations worldwide, including banks and government agencies... SecurID randomly generates a number once a minute, displaying it on a small device carried by a user. To gain entry to a computer network protected by SecurID, the user must type in this number, along with a traditional password."

EMC outlined the attack in an 8-K filing with the U.S. Securities and Exchange Commission (SEC) late yesterday. In the filing, EMC wrote that:

"Recently EMC’s security systems identified an extremely sophisticated cyber attack in progress, targeting our RSA business unit. We took a variety of aggressive measures against the threat to protect our business and our customers, including further hardening of our IT infrastructure. We also immediately began an extensive investigation of the attack and are working closely with the appropriate authorities."

"Our investigation has revealed that the attack resulted in certain information being extracted from RSA’s systems. Some of that information is related to RSA’s SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack."

Arthur Coviello, Jr., Executive Chairman of RSA, further elaborated on the situation in an open letter to RSA customers:

"Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT)... We have no evidence that customer security related to other RSA products has been similarly impacted. We are also confident that no other EMC products were impacted by this attack. It is important to note that we do not believe that either customer or employee personally identifiable information was compromised as a result of this incident... We regret any inconvenience or concern that this attack on RSA may cause for customers."

RSA has issued nine recommendations to its customers to deal with the risk posed by the hacking attempt. These are aimed at tightening up organizational security practices, watching for signs of a possible security breach such as unusual changes in user privileges and access rights, and "harden[ing], closely monitor, and limit remote and physical access to infrastructure that is hosting critical security software."

EMC, in its SEC filing, said that based on what it knows now:

"EMC does not believe that the matter described in the letter and note will have a material impact on its financial results."

If a successful hack of SecurID is reported, expect that to change considerably.
