RSA to replace SecurID tokens – confirms Lockheed hack linked to compromise

Today, RSA has confirmed that the compromise of its SecurID system assisted the hack on Lockheed Martin. Sadly, as with most things, RSA seem very slow and reluctant to release any information.

From PC Pro Magazine:

RSA has confirmed that information stolen from it by hackers led to the attack against Lockheed Martin.

In March, RSA admitted it had been hacked, saying details of its SecurID system may have been leaked.

Last week, RSA customer Lockheed Martin said it too had been attacked, raising questions about why the defence contractor hadn’t better secured its systems following the SecurID breach.

As mentioned in our last article, it is likely that Lockheed Martin will survive this and, even though damaged, RSA will probably survive as well. For most businesses, this sort of impact would be the end.

Normally (and apparently in this situation) the big clients get dealt with first. So if you use the RSA SecurID token as part of your multifactor authentication, but you aren’t a multinational US DoD contractor, you may want to consider an alternative set of controls until they get round to replacing your tokens. If you haven’t already done so, you need to get your risk management process underway.

Taz Wake - Halkyn Security

Certified Information Systems Security Professional with over 19 years' experience providing in-depth security risk management advice to government and private sector organisations. Experienced in assessing risks, and producing mitigation plans, worldwide in both peaceful areas and war zones. Additionally, direct experience carrying out investigations into security lapses, producing evidential standard reports and conducting detailed interviews to ascertain the details of the incident. Has a detailed understanding of the Security Policy Framework (SPF) and JSP440, as well as in-depth expertise in producing cost-effective solutions in accordance with legislative and regulatory guidelines. Experienced in accrediting establishments and networks as well as project managing the development of secure, compliant, workable business processes.