RSA Security, a division of EMC Corp. has admitted that it was the victim of a sophisticated attack that resulted in the theft of secrets related to its SecurID two-factor authentication product.
The disclosure came in a blog post by RSA chief Art Coviello on Thursday. Coviello said that the company faces attacks every day, but had recently become aware of
“an extremely sophisticated cyber attack in progress,” which he characterized as being “in the category of an Advanced Persistent Threat (APT).” RSA’s investigation subsequently concluded that the attackers had made off with company secrets, including “information…specifically related to RSA’s SecurID two-factor authentication products.”
SecurID is RSA multi-factor authentication technology. SecurID includes a range of technologies used to implement multi-factor authentication tools like one-time password generators and secure access cards. Corporations and other organizations use SecurID to give employees secure access to resources such as corporate networks over virtual private network (VPN) connections, e-mail and other assets.
Coviello said that the company was confident that the stolen information wouldn’t enable a successful attack on any SecurID customers, but that it could be used to “reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.” RSA is talking to customers about possible attack scenarios and helping them to “strengthen their SecurID implementations,” Coviello wrote.
RSA, EMC’s security division, is a leading provider of secure authentication solutions and counts government agencies as well as high profile corporations among its customers. It is unclear who is behind the attack, though the term “APT” was originally a code word within military and intelligence circles for the People’s Republic of China.
Whatever the case, theft of secrets related to SecurID could be used generically, or as a component of another, larger attack.