Wired has published an in-depth attribute on the 2011 hack of protection corporation RSA, in which hackers stole the so-named “crown jewels of cybersecurity,” the mystery keys forming a “crucial ingredient” of its SecurID two-factor authentication devices. It would go on to “redefine the cybersecurity landscape” with enormous implications for not just RSA, but also the organizations that relied on its equipment for their personal protection.
Wired’s Andy Greenberg describes the minute RSA analyst Todd Leetham found that hackers experienced accessed a single of RSA’s most crucial items of data:
With a developing perception of dread, Leetham experienced lastly traced the intruders’ footprints to their remaining targets: the secret keys regarded as “seeds,” a assortment of figures that represented a foundational layer of the stability guarantees RSA manufactured to its buyers, together with tens of tens of millions of users in govt and military services companies, protection contractors, financial institutions, and plenty of organizations all-around the environment.
1 of the most fascinating sections of the report describes how the hack influenced the psychology of RSA’s staff, generating them intensely paranoid. The company switched cellphone networks, commenced keeping conferences in human being, and shared paperwork on paper. The creating was swept for bugs, and some business office home windows ended up coated in paper to reduce surveillance.
Paranoia was beginning to take keep in the business. The 1st night time soon after the announcement, [RSA’s head of North American sales] remembers walking by a wiring closet and observing an absurd amount of men and women going for walks out of it, much extra than he imagined could have at any time in shape. “Who are those people?” he asked a further close by govt. “That’s the governing administration,” the executive responded vaguely.
The RSA hack was not only blamed for a subsequent hack of “at least one” US protection contractor, but it opened substantially of the world’s eyes to the risk of source chain assaults. Fairly than attacking a concentrate on directly, a offer chain assault sees hackers infiltrating just one of their target’s suppliers to get at the rear of their defenses, like what we noticed with last year’s SolarWinds hack.
After 10 a long time of rampant state-sponsored hacking and supply chain hijacks, the RSA breach can now be found as the herald of our present-day period of electronic insecurity—and a lesson about how a determined adversary can undermine the items we trust most.
Wired’s aspect is perfectly worthy of a read through.