Senior management from RSA revealed this week that the cyberattack that stole information about its SecurID authentication system last March was the work of two separate groups working on behalf of a nation state.
Speaking in London at the RSA Conference Europe 2011, RSA Executive Chairman Art Coviello said the investigation suggested the RSA attack was sponsored by a nation state (mainly because of its sophistication), although he said the forensic information did not allow him to say which country had been behind it.
RSA President Tom Heiser said it was clear two groups had worked in tandem to carry out the attack, with one providing support for the other.
Coviello insisted the attack had a limited effect because of the security procedures RSA had in place at the time of the attack. He also insisted no customers had suffered damage as a result of the breach, even though some of the stolen data was used to conduct an attack on Lockheed Martin. He said by using its NetWitness network monitoring product, which was acquired in April, RSA was able “to see the attack in action and remediate fast.”
Asked about the impact of the breach on RSA’s business, Coviello said only “a small proportion” of customers had taken up the company’s offer of replacing their SecurID tokens.
RSA’s Chief Security Officer Eddie Schwartz added that following the attack the company had imposed a “total lockdown” on its systems until investigators had fully understood the cause and extent of the attack. He said RSA staff was unable to access the Internet or use social networking sites during this period.
Schwartz said the company has slowly loosened some of the constraints. “We now allow LinkedIn to be used, but we still ban Twitter and Facebook,” he said, adding that the company is looking at allowing those sites in the future, but only in a virtual desktop environment where they can be closely managed.