RSA hackers may have hit several hundred firms, says security researcher

This token may have been just one of several hundred victims of a hack that hit RSA in March

According to Brian Krebs of the Krebs on Security newswire, the subtext of the story was this: if it could happen to one of the largest and most integral security firms, he asks, what hope was there for organizations that aren’t focused on security?

“Security experts have said that RSA wasn’t the only corporation victimized in the attack, and that dozens of other multinational companies were infiltrated using many of the same tools and Internet infrastructure. But so far, no one has been willing to talk publicly about which other companies may have been hit”, he noted in his latest security posting.

The former Washington Post reporter goes on to say his research suggests that more than 760 other organizations had networks that were compromised with some of the same resources used to hit RSA – and almost 20% of the current Fortune 100 companies are on this list, he asserted.

The list makes for fascinating reading, including a number of communications giants such as AT&T and BT, Infosecurity notes. It will be interesting to see how these companies respond to Krebs' claims.

A few caveats are required about this list, he said, noting that many of the network owners listed are ISPs and are likely to be included because some of their subscribers were hit.

Secondly, he said, it is not clear how many systems in each of these companies or networks were compromised, for how long those intrusions persisted, or whether the attackers successfully stole sensitive information from all of the victims.

“Finally, some of these organizations – there are several anti-virus firms mentioned below – may be represented because they intentionally compromised internal systems in an effort to reverse engineer malware used in these attacks”, he wrote.

Krebs' assertions come in the wake of comments from RSA president Tom Heiser at the RSA Europe event earlier this month, Infosecurity notes, in which he revealed that the attack on RSA's systems in March was a two-pronged attack, rather than a single incursion.

Speaking in his keynote at the RSA Europe conference, Heiser said that two hacker groups cooperated in the attacks and that the groups had not been seen cooperating before. The two-pronged attack, he told the audience, involved a mid-hack switch of attack vectors that his IT teams were aware of while they were happening.

“These people were persistent. The remote attack was adapted to meet RSA's internal naming convention”, he said, adding that the attack was probably coded up just hours before it was unleashed on the company's servers. The attack code, he went on to say, was observed as having the ability to copy and encrypt data [on the RSA systems], ready for exfiltration.

The big question is – assuming Heiser was transparent in his comments – what data did the hackers make off with from the 760-plus third-party companies that have also been hit by the 'RSA hackers'?
