Inside Story: How RSA Got Hacked
The hack last month at RSA Security has been shrouded in mystery.
How did a hacker manage to infiltrate one of the world’s top computer-security companies? And could the information that was stolen be used to impair its SecurID products, which are used by 40 million businesses that are trying to keep their own networks secure from intruders?
The division of the EMC Corporation is staying mum about what exactly was stolen from its computer systems, aside from that it was information related to SecurID.
But on Friday RSA shed some light on the nature of the attack. In a blog post titled “Anatomy of an Attack,” the company’s head of new technologies, Uri Rivner, described a three-stage operation that was similar to several other recent prominent attacks on technology companies, including a 2009 attack on Google that it said originated in China.
In the attack on RSA, the attacker sent “phishing” e-mails with the subject line “2011 Recruitment Plan” to two small groups of employees over the course of two days. Unfortunately, one was interested enough to retrieve one of these messages from his or her junk mail and opened the attached Excel file. The spreadsheet contained malware that used a previously unknown, or “zero-day,” flaw in Adobe’s Flash software to install a backdoor. RSA said that Adobe had since released a patch to fix that hole.
After installing a stealthy tool that allowed the hacker to control the machine from afar, he stole several account passwords belonging to the employee and used them to gain entry into other systems, where he could gain access to other employees with access to sensitive data, Mr. Rivner said.
Then came stage three: spiriting RSA files out of the company to a hacked machine at a hosting provider, and then on to the hacker himself.
The attacker left few traces. But an unclassified document from the United States Computer Emergency Readiness Team (US-CERT) obtained by the blogger Brian Krebs revealed three Web addresses used in the intrusion, one of which includes the letters “PRC,” which could refer to the People’s Republic of China — or it could be a ruse.
According to Mr. Rivner, it’s hard for companies with the world’s most sophisticated defenses to stop these newfangled “advanced persistent threats,” which are made strong by the combination of low-tech “social-engineering” cons and a high-tech zero-day attack that antivirus software won’t recognize.
That RSA detected the attack in progress was a victory, he argued. Many other companies hit by similar attacks “either detected the attacks after months, or didn’t notice them at all and learned about it from the government,” he said. “As an industry, we have to act fast and develop a new defense doctrine; the happy days of good old hacking are gone, and gone too are the old defense paradigms.”
But some security experts ridiculed the notion that the attack was sophisticated. Jeremiah Grossman, founder of WhiteHat Security, posted on Twitter: “I can’t tell if this RSA APT blog post is truly being serious or an April 1st gag. The content is absurd either way.”
News Source: http://bits.blogs.nytimes.com