Go read this feature on the 2011 RSA hack that redefined cybersecurity


Wired has published an in-depth feature on the 2011 hack of security company RSA, in which hackers stole the so-called “crown jewels of cybersecurity,” the secret keys forming a “crucial ingredient” of its SecurID two-factor authentication devices. It would go on to “redefine the cybersecurity landscape” with huge implications for not just RSA, but also the organizations that relied on its devices for their own security.

Wired’s Andy Greenberg describes the moment RSA analyst Todd Leetham discovered that hackers had accessed one of RSA’s most important pieces of data:

With a growing sense of dread, Leetham had finally traced the intruders’ footprints to their final targets: the secret keys known as “seeds,” a collection of numbers that represented a foundational layer of the security promises RSA made to its customers, including tens of millions of users in government and military agencies, defense contractors, banks, and countless corporations around the world.

One of the most interesting sections of the report describes how the hack affected the psychology of RSA’s employees, making them intensely paranoid. The company switched phone networks, started holding meetings in person, and shared documents on paper. The building was swept for bugs, and some office windows were covered in paper to prevent surveillance.

Paranoia was beginning to take hold in the company. The first night after the announcement, [RSA’s head of North American sales] remembers walking by a wiring closet and seeing an absurd number of people walking out of it, far more than he imagined could have ever fit. “Who are those people?” he asked another nearby executive. “That’s the government,” the executive responded vaguely.

The RSA hack was not only blamed for a subsequent hack of “at least one” US defense contractor, but it opened much of the world’s eyes to the danger of supply chain attacks. Rather than attacking a target directly, a supply chain attack sees hackers infiltrating one of their target’s suppliers to get behind their defenses, like what we saw with last year’s SolarWinds hack.

After 10 years of rampant state-sponsored hacking and supply chain hijacks, the RSA breach can now be seen as the herald of our current era of digital insecurity—and a lesson about how a determined adversary can undermine the things we trust most.

Wired’s feature is well worth a read.



Source link

More from author

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Related posts

Advertisment

Latest posts

Microsoft needs to show Windows 11 is more than just Windows 10.5

Microsoft is about to unveil Windows 11 this morning, the company’s next major operating system. While a leak of Windows 11...

Listen to Spotify on this nostalgic iPod-style web music player

In an era before multitouch displays, the iPod’s click wheel was the king of music playback control. Now, a new project...

Google will now consider letting your video, music or book app evade its 30 percent cut

Google is opening up applications to a new program for developers of media apps that lets them keep more of what...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!