Gen. Keith Alexander, the head of the US Cyber Command and the National Security Agency, told the Senate Armed Services Committee that Chinese hackers were behind well-publicized attacks last year, including the compromise of RSA.
Chinese hackers stole RSA’s “underlying software” during the attack; if China “can do it against RSA that means almost all companies are vulnerable”, Alexander was quoted as saying by AOL Defense.
In written testimony, Alexander stressed that the breach of RSA had significant implications for the Department of Defense and the US defense industry.
“A large number of enterprises, including some in the Department of Defense, rely on two-factor authentication using RSA tokens. Indeed, the systems of some non-DoD users were breached not long after the compromise by intruders exploiting the stolen certificates. Cyber Command had immediately recognized the danger to DoD information systems, warned those DoD networks at risk, and took swift mitigation efforts”, the general told the committee.
At the RSA 2012 conference held last month, RSA Chairman Arthur Coviello Jr. admitted that his company had dropped the ball in not preventing the breach. He said that he felt the breach “personally” and that the company has struggled to regain its reputation in the security community.