Related Links

  • RSA Conference
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Related Stories

  • RSA Europe 2011: ‘Fragile’ state of security requires new ‘agile’ model
    Plan for your security to fail, and be agile in response to these failures. This was the framework for a new model of security outlined by Hugh Thompson during his keynote at the RSA Europe Conference in London today.
  • Senators ask SEC for national guidelines on data breach disclosures
    In response to recent data breaches at RSA, Epsilon, and Sony, a group of five Democratic senators is asking the Securities and Exchange Commission (SEC) to issue national guidelines regarding breach disclosure.
  • RSA 2011: RSA delegate security blundere exposed
    Sophos' Australia-New-Zealand head of technology Paul Ducklin has posted an amusing - as well as educational - summary of a security blunder he encountered on his trip to the RSA 2011 conference in San Francisco last week
  • 'Passphrases' not PINs, say Corsaire
    A combination of poorly-chosen passwords and weak authentication security is putting internet users at risk of a serious security breach, according to security experts at Corsaire.
  • Securing third parties? Yes we CAMM!
    It was at the RSA show in San Francisco in March that Adrian Davis, senior research consultant, ISF, first mentioned two initiatives: CAMM – the common assurance maturity model – and the ISF third-party standard. Several months later, Eleanor Dallaway sat down with Davis and Raj Samani, CTO, McAfee EMEA, to discuss the initiatives that have the power to change the industry, for the better

Top 5 Stories


RSA resident reveals 2011 security attack was two-pronged

12 October 2011

RSA president Tom Heiser surprised many industry experts at RSA Europe yesterday by revealing that the widely publicized attack on his firm's systems seven months ago was a two-pronged attack, rather than a single incursion.

Speaking in his keynote at the RSA Europe conference, Heiser said that two hacker groups cooperated in the attacks and that the groups had not been seen cooperating before.

The two-pronged attack, he told the audience, involved a mid-hack switch of attack vectors that his IT teams were aware of while they were happening.

“These people were persistent. The remote attack was adapted to meet RSA's internal naming convention”, he said, adding that the attack was probably coded up just hours before it was unleashed on the company's servers.

The attack code, he went on to say, was observed as having the ability to copy and encrypt data [on the RSA systems, ready for exfiltration.

“We watched and responded in real time”, he said, adding that it soon became clear that the motive was to gain access to defense-related information, suggesting that the RSA attack was simply a means to an end – and RSA was not the primary target.

Contradicting media reports of earlier this year, Heiser asserted that RSA was pro-active in its communications with the IT security industry and went public on the attack immediately, posting a letter to the site – which he claims received 200,000 hits.

“17,000 partners were also notified about what had happened. We also offered remediaton to our defense customers, knowing that they were the real target”, he explained.

The lessons that RSA – and the industry generally – can learn from the attack, said the RSA president, are that the threat landscape is evolving and the attack vectors are also evolving.

The takeout from the attack, said Heiser, was that this was not a frontal attack that the industry has seen before.

The conclusions, he went on to say, are that people are now the most valuable asset when it comes to IT security.

RSA, he explained, moved its most capable people up front to handle the situation and, within a week, issued an open letter explaining what had happened.

Despite this, Heiser admitted that many stakeholders commented that RSA could have done more.

But the good news, he added, is that the attackers did leave some information behind and this, he claimed, has assisted in the ongoing investigation.

This article is featured in:
Compliance and Policy  •  Data Loss  •  Internet and Network Security  •  Malware and Hardware Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×