Categories: SecurityWorkspace

RSA Replaces SecurID Tokens After Lockheed Hack

RSA on Monday said it would offer to replace SecurID authentication tokens for certain customers, following the use of SecurID data in an attack on US military contractor Lockheed Martin.

The offer follows RSA’s admission last week that SecurID data stolen in an attack on the company’s systems in March had indeed been used in the Lockheed Martin hack.

Replacement scheme

RSA said the token replacement scheme has nothing to do with a string of attacks that have recently been carried out on high-profile targets including Epsilon, Sony, Google, PBS, and Nintendo.

“These attacks are totally unrelated to the breach at RSA, but point to a changing threat landscape and have heightened public awareness and customer concern,” said RSA executive chairman Art Coviollo in an open letter to customers on Monday.

Rather, he said RSA’s offer to replace the SecurID tokens was due to the increasingly hostile environment for cyber-attacks generally, which is putting customers on their guard.

“We are expanding our security remediation program to reinforce customers’ trust in RSA SecurID tokens and in their overall security posture,” Coviello stated.

RSA began the remediation programme following the March attacks, by publishing a series of remediation steps customers could implement in order to be confident of their continued security.

Precautionary measures

At the time RSA also worked with government agencies and companies in the military sector to replace their tokens “as an additional precautionary measure”, Coviello wrote.

That was because, as RSA said at the time, the March attack on its systems appeared to be in preparation for an attack targeting military secrets and intellectual property, Coviello said.

“Certain characteristics of the attack on RSA indicated that the perpetrator’s most likely motive was to obtain an element of security information that could be used to target defense secrets and related IP, rather than financial gain, PII (personally identifiable information), or public embarrassment,” he wrote.

The offer to replace SecurID tokens will be aimed at customers with “concentrated user bases typically focused on protecting intellectual property and corporate networks”, Coviello said.

RSA will also work with “consumer-focused companies with large, dispersed user base, typically focused on protecting web-based financial transactions” to improve their authentication strategies.

Further attacks

L-3 Communications and Northrop Grumman were also attacked at around the same time as Lockheed Martin, but Coviello said to date there was no indication these attacks were related to the SecurID breach.

A SecurID token generates a constantly changing series of numbers that employees can use, along with their own passwords, to access corporate networks.

While RSA insisted that the system continues to be safe, competitor Stonesoft said customers would be better off using dynamic rather than static products.

“It is a far safer method of security as systems can easily be modified and updated if a breach occurs, thus minimising the risk of further breaches taking place,” said Ash Patel, Stonesoft’s country manager for UK & Ireland, in a statement.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago