RSA Security Breach


Category: Business and Industry

Date Submitted: 02/21/2014 11:56 AM


RSA Security Breach (March 2011)

About the Company

RSA is the security division of EMC. RSA SecurID is the mechanism RSA developed to provide two-factor authentication for users of a network resource.

The RSA SecurID mechanism uses a “token” that is given to the network user and generates authentication codes at fixed time intervals. A user trying to access the network has to enter both a “personal identification number” and the number displayed on the RSA SecurID token.

Information Assets Affected

It was estimated that approximately 40 million employee records were stolen. There were some hints that the breach involved the theft of RSA’s database mapping token serial numbers to the secret token "seeds" that were injected to make each one unique. This cost EMC $66.3 million to cover the investigation, to harden its monitoring system, and to monitor the transactions of its corporate customers.

Vulnerabilities

The most common vulnerability of a password keeper is loss of the key device that holds the token. RSA SecurID tokens were not designed to protect against a ‘man in the middle’ attack. If the attacker manages to block the authenticated user from gaining access to the server before the arrival of the next token code, the attacker will be able to gain access to the server. The system was also vulnerable to the ‘man in the browser’ attack, in which attackers took advantage of vulnerabilities in the browser.
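The sketch below is an added example, not part of the original essay and not RSA's code. It shows a server checking a PIN plus a time-interval code derived from a per-token seed, and accepting each code only once per interval. It assumes the public TOTP algorithm (RFC 6238) as a stand-in for SecurID's own algorithm and a 60-second interval; the `Verifier` class, user, PIN, serial and seed are hypothetical, constructed values.

```python
import hashlib, hmac, os, struct

def token_code(seed: bytes, now: int, step: int = 60, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): public stand-in for SecurID's own algorithm."""
    mac = hmac.new(seed, struct.pack(">Q", now // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

def pin_hash(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class Verifier:
    """Hypothetical authentication server: checks PIN + code, one use per interval."""
    def __init__(self, step: int = 60):
        self.step = step
        self.seeds = {}      # token serial -> seed (the sensitive mapping)
        self.users = {}      # user -> (salt, PIN hash, token serial)
        self.last_used = {}  # token serial -> last interval a code was accepted
    def enroll(self, user, pin, serial, seed):
        salt = os.urandom(16)
        self.seeds[serial] = seed
        self.users[user] = (salt, pin_hash(pin, salt), serial)
    def login(self, user, pin, code, now) -> bool:
        if user not in self.users:
            return False
        salt, stored, serial = self.users[user]
        expected = token_code(self.seeds[serial], now, self.step)
        pin_ok = hmac.compare_digest(pin_hash(pin, salt), stored)
        code_ok = hmac.compare_digest(code.encode(), expected.encode())
        if not (pin_ok and code_ok):
            return False
        interval = now // self.step
        if self.last_used.get(serial, -1) >= interval:
            return False  # code already accepted in this interval: reject reuse
        self.last_used[serial] = interval
        return True

def demo():
    seed = bytes(range(16))                       # constructed sample seed
    v = Verifier()
    v.enroll("alice", "4821", "SN-000001", seed)  # constructed user, PIN, serial
    t = 1_300_000_000                             # constructed timestamp
    code = token_code(seed, t)                    # what the token displays
    return [v.login("alice", "0000", code, t),       # wrong PIN
            v.login("alice", "4821", code, t),       # both factors correct
            v.login("alice", "4821", code, t + 5),   # same code reused
            v.login("alice", "4821", token_code(seed, t + 60), t + 60)]  # next interval
```

The one-use check rejects a code that has already been accepted, but it does not help when the legitimate user is blocked and the code is presented by someone else first; the code depends only on the seed and the clock, which is why the serial-to-seed mapping has to be protected as carefully as a password store.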

Threats

RSA SecurID commanded over 70% of the two-factor user authentication market, with over 25 million devices. The hackers sent phishing emails with malware attached to two small groups of employees. When an employee opened the file, the malware exploited a vulnerability in Adobe Flash Player. This allowed the hackers to gain access to the control machine and access the servers of the RSA network. The only way in which the attacker could manage a successful attack without the physical...