RSA – the security arm of data storage company EMC – is warning its customers that their data may be at risk, following an ‘extremely sophisticated’ cyberattack.
The company’s multifactor authentication security system involves the use of electronic tokens – SecurID – which generate a time-based number for a user to input along with their password.
The system’s used by around 25,000 organizations, including government agencies, banks and the military.
“While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack,” says executive chairman Art Coviello in an open letter to customers.
“We have no evidence that customer security related to other RSA products has been similarly impacted. We are also confident that no other EMC products were impacted by this attack. It is important to note that we do not believe that either customer or employee personally identifiable information was compromised as a result of this incident.”
Coviello doesn’t reveal exactly what data might have been stolen. The fear is that it could include source code revealing vulnerabilities in the system, or the seed codes for clients that would allow the attacker to generate the time-based code allowing access to client systems.
The attack appears to have been an Advanced Persistent Threat of the type which attacked Google in 2009 and led to the closure of its operations in China.
RSA says its investigating the attack and is working with the authorities.
Graham Clueley of security form Sophos described the announcement as ‘astonishing’. “No doubt more information will begin to come out soon, as RSA’s clients reveal what else they have gleaned from the company,” he says.