SecurID provider RSA said yesterday it would reissue 40 million RSA SecurID key fobs globally following a “very sophisticated” cyber attack in March.
The SecurID key fobs, or tokens, are used by several high-profile Australian government departments, including Defence, Prime Minister and Cabinet, Treasury and the Tax Office, as well as by banks such as Westpac, to protect e-mail and network access. They are typically issued as a small hardware token (sometimes in USB form) assigned to an individual user; the token displays a new authentication code at fixed intervals, usually every 30 or 60 seconds, and the authentication server independently computes the same code from a secret seed shared with that token.
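The following is an added illustration, not code from RSA or from this article, of why the time-synchronised code model depends entirely on the secrecy of the per-token seed. SecurID uses a proprietary algorithm; the example uses the public RFC 6238 TOTP construction (HMAC-SHA1 over a time counter) as a stand-in, because both designs share the property demonstrated here: the server and the token derive the code from the same seed, so anyone who obtains the seed database can produce valid codes without ever touching a fob, and the only remedy is to replace the seeds, which in practice means reissuing the tokens. The seed below is the RFC 6238 test-vector key, constructed for the demonstration; the time values are likewise chosen for illustration.

```python
import hashlib
import hmac
import struct
import time

# Constructed demo seed: the RFC 6238 test-vector key, not a real token seed.
# In a deployment this is the per-token secret programmed into the fob at
# manufacture and kept in the authentication server's seed database.
DEMO_SEED = b"12345678901234567890"


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte big-endian counter,
    dynamically truncated to `digits` decimal digits."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % (10 ** digits)).zfill(digits)


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter taken from the clock.
    This is what the fob computes and displays each `step` seconds."""
    return hotp(seed, unix_time // step, digits)


def verify(seed: bytes, candidate: str, unix_time: int, step: int = 30,
           digits: int = 6, window: int = 1) -> bool:
    """Server-side check. The +/- `window` steps tolerate clock drift between
    the token and the server; compare_digest avoids a timing side channel."""
    counter = unix_time // step
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(seed, counter + delta, digits), candidate):
            return True
    return False


def attacker_with_seed_succeeds(seed: bytes, unix_time: int) -> bool:
    """Whoever holds the seed computes exactly the code the fob shows,
    so a stolen seed database defeats the 'something you have' factor."""
    forged_code = totp(seed, unix_time)
    return verify(seed, forged_code, unix_time)


def attacker_after_reseed_fails(old_seed: bytes, new_seed: bytes,
                                unix_time: int) -> bool:
    """Reissuing the token installs a fresh seed on both sides; codes
    derived from the stolen seed no longer verify."""
    forged_code = totp(old_seed, unix_time)
    return not verify(new_seed, forged_code, unix_time)


if __name__ == "__main__":
    now = int(time.time())
    print("code the fob would show now:", totp(DEMO_SEED, now))
    print("attacker holding the seed passes:", attacker_with_seed_succeeds(DEMO_SEED, now))
    print("same attacker after reseed passes:",
          not attacker_after_reseed_fails(DEMO_SEED, b"replacement seed, 20B!", now))
```

The drift window is the practical detail that makes the seed the whole story: the server accepts any code for the neighbouring time steps, so an attacker with the seed does not even need an accurate clock, while an attacker without the seed gains nothing from observing codes, since each is a truncated HMAC that does not reveal the key.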
RSA has now moved to replace all key fobs held worldwide, an estimated 40 million, something it had declined to do until now. The decision followed the discovery last week of an “attempted broader attack” on Lockheed Martin, a major U.S. government defence contractor.
“Certain characteristics of the attack on RSA indicated that the perpetrator’s most likely motive was to obtain an element of security information that could be used to target defense secrets and related IP, rather than financial gain, PII, or public embarrassment,” said RSA, which is owned by EMC.
“For this reason, we worked with government agencies and companies in the defense sector to replace their tokens on an accelerated timetable as an additional precautionary measure.”
The US Department of Defense is also among the users of the key fobs. The Lockheed Martin attack is understood to have built on information taken from RSA in the first attack in March.
Lockheed Martin has stated that the attack was thwarted, and RSA has insisted that the attack on Lockheed Martin “does not reflect a new threat or vulnerability in RSA SecurID technology.”
An official from the Australian Department of Parliamentary Services said its staff, including MPs, use 1800 of the key fobs, but declined to confirm whether PM Julia Gillard is among the users of the security tokens.
“We recognise that the increasing frequency and sophistication of cyber attacks generally, and the recent announcements by Lockheed Martin, may reduce some customers’ overall risk tolerance,” RSA added.
Westpac, whose customers use key fobs when transferring money between accounts, will not be replacing its tokens, it told ChannelNews.
“We do have employees who use the tokens but their online account security was not compromised,” a Westpac spokesperson confirmed.
The cyber attack exploited vulnerabilities in certain types of systems only, and the bank’s were not among them, she added.
In March, RSA representatives said that the hackers e-mailed groups of employees at RSA, which is a unit of the storage company EMC, and that the e-mails carried a Microsoft Excel spreadsheet as an attachment, labelled “2011 Recruitment Plan”.
When opened, the spreadsheet exploited a vulnerability that was then present in most versions of Adobe Flash Player, and that Adobe has since fixed through software updates; the exploit gave the attackers control of at least one user’s machine.
The remote-access tool installed was a variant of Poison Ivy, which was also used in GhostNet, described by analysts as a large Chinese spying operation.