RSA Replaces SecurID Tokens After Lockheed Hack

Security vendor RSA will replace SecurID tokens for customers, citing a rising atmosphere of cyber-threat

RSA on Monday said it would offer to replace SecurID authentication tokens for certain customers, following the use of SecurID data in an attack on US military contractor Lockheed Martin.

The offer follows RSA’s admission last week that SecurID data stolen in an attack on the company’s systems in March had indeed been used in the Lockheed Martin hack.

Replacement scheme

RSA said the token replacement scheme has nothing to do with a string of attacks that have recently been carried out on high-profile targets including Epsilon, Sony, Google, PBS, and Nintendo.

“These attacks are totally unrelated to the breach at RSA, but point to a changing threat landscape and have heightened public awareness and customer concern,” said RSA executive chairman Art Coviello in an open letter to customers on Monday.

Rather, he said, RSA’s offer to replace the SecurID tokens was due to the increasingly hostile cyber-attack environment generally, which is putting customers on their guard.

“We are expanding our security remediation program to reinforce customers’ trust in RSA SecurID tokens and in their overall security posture,” Coviello stated.

RSA began the remediation programme following the March attacks, by publishing a series of remediation steps customers could implement in order to be confident of their continued security.

Precautionary measures

At the time RSA also worked with government agencies and companies in the military sector to replace their tokens “as an additional precautionary measure”, Coviello wrote.

That was because the March attack on its systems appeared to be in preparation for an attack targeting military secrets and intellectual property, as RSA said at the time.

“Certain characteristics of the attack on RSA indicated that the perpetrator’s most likely motive was to obtain an element of security information that could be used to target defense secrets and related IP, rather than financial gain, PII (personally identifiable information), or public embarrassment,” he wrote.

The offer to replace SecurID tokens will be aimed at customers with “concentrated user bases typically focused on protecting intellectual property and corporate networks”, Coviello said.

RSA will also work with “consumer-focused companies with large, dispersed user base, typically focused on protecting web-based financial transactions” to improve their authentication strategies.

Further attacks

L-3 Communications and Northrop Grumman were also attacked at around the same time as Lockheed Martin, but Coviello said to date there was no indication these attacks were related to the SecurID breach.

A SecurID token generates a constantly changing series of numbers that employees can use, along with their own passwords, to access corporate networks.

While RSA insisted that the system continues to be safe, competitor Stonesoft said customers would be better off using dynamic rather than static products.

“It is a far safer method of security as systems can easily be modified and updated if a breach occurs, thus minimising the risk of further breaches taking place,” said Ash Patel, Stonesoft’s country manager for UK & Ireland, in a statement.