RSA Security Offers to Replace Nearly All of its Security Fobs After Lockheed Hack

The cyber security firm's portable password generators were duplicated
br1dotcom via Flickr

Yet another wrinkle in the ongoing flood of cyber security stories emerging over the past couple of weeks: RSA Security, maker of those little keychain tokens that generate constantly changing passwords for users logging into secure networks, is offering increased security monitoring and the complete replacement of SecurID tokens to nearly all of its customers after evidence emerged that the recent cyber attack on Lockheed Martin was perpetrated in part using data stolen from RSA.

That’s something of a massive recall. RSA’s SecurID tokens add a second layer of protection to employees’ static passwords via a keyfob-like device that displays a second numeric password necessary to log on. That password changes every 30 seconds, ensuring that even if someone steals an employee’s regular password, the perpetrator still won’t be able to access a secure server without possession of the SecurID token.
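To make the mechanism concrete, here is an added example (not RSA's code; SecurID uses a proprietary algorithm, and this instead uses the open RFC 6238 time-based one-time password scheme, which follows the same idea: a secret seed shared between the token and the authentication server, and a code derived from that seed and the current 30-second time step). The seed constant below is the published RFC 6238 test-vector secret, not a real token seed. The defender's point it illustrates is that the server's seed database is what the second factor actually rests on: anyone holding a token's seed can compute the same codes, which is why compromised seed material is remedied by re-seeding or replacing tokens rather than by changing user passwords.

```python
import hashlib
import hmac
import struct
import time

# Published RFC 6238 / RFC 4226 test-vector secret (ASCII "12345678901234567890").
# Constructed for the example; a real token seed is provisioned per device and
# shared only with the authentication server.
RFC6238_TEST_SEED = b"12345678901234567890"
TIME_STEP = 30   # seconds per code, as the article describes for SecurID
DIGITS = 6       # length of the displayed numeric code


def hotp(seed: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte big-endian counter, then
    dynamic truncation to a `digits`-long decimal string."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # low nibble of last byte
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(seed: bytes, at_time: int, step: int = TIME_STEP) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to floor(unix_time / step).
    This is what the token displays; it changes once per `step` seconds."""
    return hotp(seed, at_time // step)


def verify(seed: bytes, candidate: str, at_time: int,
           step: int = TIME_STEP, skew: int = 1) -> bool:
    """Server-side check. The server recomputes the code from its own copy of
    the seed, accepting the current step and +/- `skew` steps to tolerate
    clock drift between token and server. Comparison is constant-time."""
    current = at_time // step
    for counter in range(current - skew, current + skew + 1):
        if hmac.compare_digest(hotp(seed, counter), candidate):
            return True
    return False


if __name__ == "__main__":
    now = int(time.time())
    code = totp(RFC6238_TEST_SEED, now)
    print(f"token shows {code}; server accepts it: {verify(RFC6238_TEST_SEED, code, now)}")
    # Two devices holding the same seed always agree: the secrecy of the seed
    # is the whole second factor, which is why a seed compromise means re-seeding.
    print("same seed, same code:", totp(RFC6238_TEST_SEED, now) == code)
```

The `skew` parameter is a deliberate trade-off: a wider acceptance window tolerates drifting token clocks but also lengthens the time a single observed code remains valid, so production verifiers keep it to one step and additionally refuse to accept the same code twice.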

At least that was the idea. Back in March, RSA experienced its own cyber attack, and in a letter issued to customers yesterday it admitted that it has been working behind the scenes ever since to shore up cyber defenses at its defense-oriented clients, as an analysis of the hack at RSA indicated that the perps were seeking information that could be used to breach defense-related companies.

The letter also admitted that data stolen from RSA was used to breach Lockheed Martin’s networks (specifically, the hackers used duplicates of the SecurID tokens issued to Lockheed employees).

That doesn’t bode particularly well for RSA or for American corporations’ cyber defense abilities on the whole, seeing as cyber security is RSA’s bread and butter and its core competency. Considering its SecurID tokens are employed by millions of corporate workers, including those at various other defense-related companies, this latest revelation isn’t exactly welcome news for anyone (except the hackers who got away with it). RSA is now scrambling to replace tokens and offer additional security monitoring for its non-defense-related clients.