RSA hack puts security on notice

Thousands who rely on SecurID encryption for applications such as Internet banking and secure network access are having a nervous wait for detailed information about the RSA hack announced this week.

RSA has so far only made a series of generic statements that its network was breached and information was obtained that could be used to reduce the effectiveness of two-factor authentication.

From the public statements made so far, it is most likely that the hackers gained access to RSA token generator files, according to Ty Miller, Chief Technology Officer at Pure Hacking, an Australian specialist security team that works in all forms of penetration testing and secure infrastructure design.

“It seems to be the case that someone has hacked in and stolen the Token Generator,” he said.

The breach will not automatically make your network or bank accounts vulnerable, but it could pose a threat if you let down your guard in other ways, according to Miller.

“RSA’s immediate remediation steps were to be careful of social networks and clicking on links in emails and Web sites, which says they are warning us to be wary of social engineering or phishing attacks.

“When SecurID is used it is actually only one factor out of four; you still need to know where to go with your browser, you need to know your username, your password and your TokenID. From what RSA has been saying there is the chance that someone out there could generate your Token numbers, but they still have to find out the other three things.”

Pure Hacking has performed successful “spear” phishing attacks against networks that use authentic SecurID tokens, by sending targeted emails and convincing users to enter their username, password and Token Number details into a dummy login page.

“That gives us a 60-second window to hack into the network before the TokenID changes again, but once we log out we have to do it all over again. The difference with these guys is they can generate the ID again, so if they get your username and password you will be totally compromised.”

“There is a freely available tool called Cain from www.oxid.it where you can feed the RSA file and it will generate the token, so if they have stolen the private unique key files from RSA then they will be able to impersonate anyone’s token.”

The tip from Pure Hacking is to review the security you have around usernames and passwords in the meantime; RSA is likely to generate new token generators for its SecurID customers in banking and network security.