http://www.darkreading.com/authentication/167901072/security/attacks-breaches/231600301/researchers-uncover-the-email-that-led-to-the-rsa-hack.html

By Tim Wilson
Dark Reading
Aug 26, 2011

Experts at F-Secure's research lab say they have discovered the original infected email that led to the breach of RSA's SecurID token technology.

In a blog published today, the researchers outlined their methods for finding the email, and offered a likely theory on how the security giant might have been infected.

"The current theory is that a nation-state wanted to break in to Lockheed-Martin and Northrop-Grumman to steal military secrets," the blog says. "They couldn't do it, since these companies were using RSA SecurID tokens for network authentication. So the hackers broke into RSA with a targeted email attack. They planted a backdoor and eventually were able to gain access to SecurID information that enabled them to go back to their original targets and successfully break in."

In April, RSA disclosed the fact that the breach was caused by an email attachment, F-Secure explains, but it did not release the file and no one in the research community had seen it. But F-Secure researcher Timo Hervonen kept digging, and eventually found the file in the Virus Total cache.

[...]

Received on Mon Aug 29 2011 - 02:27:09 PDT