Two Groups Representing a Single Nation State Responsible for March SecurID Attack

By

RSA has announced that two groups acting on behalf of a single nation state were behind an attack in March on the company, the maker of SecurID keys. SecurID keys are used by tens of millions of employees throughout the world to gain access to their corporate computer networks.

According to Art Coviello, chief executive of RSA, the hackers stole information later used in an attack on U.S. defense contractor Lockheed Martin. The attack forced RSA, which is the security division of data storage firm EMC, to offer replacement SecurID keys to all of its customers.

The security breach was just one of a number of high-profile hacking attacks on organizations ranging from Sony to the International Monetary Fund to the government of Australia. The attacks occurred during the past year and were carried out by criminals, governments and "hacktivists."

"We do know that it was one nation state because these groups were well coordinated," Coviello told Reuters in an interview at an RSA conference in London. "That much the forensic intelligence told us. One group was more surreptitious in their approach than the other. Is it possible that one was deliberately a little bit more visible than the other to mask the other? It's possible. We don't know."

RSA executives are unsure which nation state was behind the attack, although China has been blamed by a number of U.S. organizations for state-sponsored cyber attacks. For instance, Google blamed China for a June attempt to steal the passwords of hundreds of Gmail account holders. The incident provoked an angry response from China, which already has strained relations with Google.

It was also confirmed in February that hackers working out of China broke into the computer systems of five multinational oil and gas companies to steal bidding plans and other proprietary information, according to computer security firm McAfee. China has repeatedly stated that it does not condone hacking.

In July, EMC said the company had incurred a $66 million charge for the cost of responding to the SecurID breach and that RSA's growth would likely slow as a result. Coviello added that demand for replacement tokens has slowed to a trickle and that the company has a large inventory now.

Little more than 10 percent of the company's clients have asked for replacement tokens, according to Coviello. The tokens are used as electronic keys for accessing computer systems and are designed to circumvent hackers by requiring both a fixed PIN passcode and another six-digit number that is automatically generated, typically every 60 seconds.

"EMC took a charge," said Coviello. "The flow has not been as high as we thought. We'll leave the reserve there until we're satisfied and then we'll make a final judgment on the charge that we took," he added when asked if the charge may have been too high.




Edited by Rich Steeves
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

TechZone360 Contributing Editor

SHARE THIS ARTICLE
Related Articles

Tech Podcast Award Winners Bring Excitement and Enthusiasm to a Range of Important Tech Topics

By: TMCnet Staff    6/18/2025

Tech Podcast Award winners produce engaging, informative, and often entertaining content, bringing valuable insight from industry front lines to the e…

Read More

How Mobile Technology is Driving the Shift to Casino Apps

By: Contributing Writer    6/12/2025

Recent years have seen casino apps completely changing the online casino experience. Thanks to mobile-first technology, apps are becoming the default.…

Read More

Decentralized IT Management: Fad or Future?

By: Contributing Writer    6/5/2025

Managing IT feels like an ongoing balancing act for many businesses. Centralized systems often create bottlenecks, slow down teams, and frustrate empl…

Read More

IT Management as a Driver of ESG Initiatives

By: Contributing Writer    6/5/2025

Businesses today face growing pressure to meet environmental, social, and governance (ESG) standards. Customers demand greener practices. Investors lo…

Read More

Everything You Need to Know About Mobile Casinos

By: Contributing Writer    5/30/2025

We live in the age of technology and we have come to solve things on the go, whether we are talking about personal or job-related issues. We have come…

Read More