EMC security division hacked; RSA products used by government, military potentially at risk

In a filing with the Securities and Exchange Commission (SEC), information management company EMC admitted that an “extremely sophisticated” attack was in progress against its computer network. Specifically targeting the company’s security division, the intruders stole confidential data related to RSA’s SecurID products. EMC acquired RSA Security in the fourth quarter of 2006 for just under $2.1 billion. RSA SecurID provides a form of two-factor authentication that implements a second layer of network security to protect against outside threats and compromised passwords — the technology is used by governments, the military, financial institutions, hospitals, and businesses around the globe. RSA declined to comment on the nature of the attack, or provide information on exactly how much data was accessed by the network intruders.

In its SEC filing, the company said it was “confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers.” EMC’s executive chairman Art Coviello stated that the breach would have a minimal impact on its other products and financial results.

“Security is at the heart of RSA’s brand promise,” an industry expert who declined to be identified told BGR. “This will certainly have a negative effect on how customers view the company and its products.”

“These aren’t kids in basements doing this: these are the threats that, if you’re targeted, you better have your data, infrastructure, and people locked-down,” said Mike Halsall, a senior network and information security analyst at the Massachusetts Institute of Technology, in a message to BGR. “EMC has a lot of [intellectual property] to protect and it’s hard to protect every bit, at every instant, from every threat.”

EMC said it is providing “immediate remediation steps” to its RSA customers.

“These are the attacks we’ll keep seeing, and they’re only going to get better at pulling them off,” Halsall continued. “With the SecurID issue, though, I don’t think the sky is falling, but you might want to keep your umbrella handy; or think about open-source alternatives.”
