Share

Related Links

  • RSA Conference
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Top 5 Stories

News

RSA resident reveals 2011 security attack was two-pronged

12 October 2011

RSA president Tom Heiser surprised many industry experts at RSA Europe yesterday by revealing that the widely publicized attack on his firm's systems seven months ago was a two-pronged attack, rather than a single incursion.

Speaking in his keynote at the RSA Europe conference, Heiser said that two hacker groups cooperated in the attacks and that the groups had not been seen cooperating before.

The two-pronged attack, he told the audience, involved a mid-hack switch of attack vectors that his IT teams were aware of while they were happening.

“These people were persistent. The remote attack was adapted to meet RSA's internal naming convention”, he said, adding that the attack was probably coded up just hours before it was unleashed on the company's servers.

The attack code, he went on to say, was observed as having the ability to copy and encrypt data [on the RSA systems, ready for exfiltration.

“We watched and responded in real time”, he said, adding that it soon became clear that the motive was to gain access to defense-related information, suggesting that the RSA attack was simply a means to an end – and RSA was not the primary target.

Contradicting media reports of earlier this year, Heiser asserted that RSA was pro-active in its communications with the IT security industry and went public on the attack immediately, posting a letter to the RSA.com site – which he claims received 200,000 hits.

“17,000 partners were also notified about what had happened. We also offered remediaton to our defense customers, knowing that they were the real target”, he explained.

The lessons that RSA – and the industry generally – can learn from the attack, said the RSA president, are that the threat landscape is evolving and the attack vectors are also evolving.

The takeout from the attack, said Heiser, was that this was not a frontal attack that the industry has seen before.

The conclusions, he went on to say, are that people are now the most valuable asset when it comes to IT security.

RSA, he explained, moved its most capable people up front to handle the situation and, within a week, issued an open letter explaining what had happened.

Despite this, Heiser admitted that many stakeholders commented that RSA could have done more.

But the good news, he added, is that the attackers did leave some information behind and this, he claimed, has assisted in the ongoing investigation.

This article is featured in:
Compliance and Policy  •  Data Loss  •  Internet and Network Security  •  Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×