Wired has released an in-depth feature on the 2011 hack of security company RSA, in which hackers stole the so-called “cybersecurity crown jewels,” the secret keys that formed a “crucial ingredient” of its SecurID two-factor authentication devices. The hack would go on to “redefine the cybersecurity landscape,” with huge implications not only for RSA, but also for the organizations that relied on its devices for their own security.
Wired’s Andy Greenberg describes the moment RSA analyst Todd Leetham discovered that hackers had accessed some of RSA’s most important data:
With a growing sense of fear, Leetham had finally traced the intruders’ footprints to their ultimate goals: the secret keys known as “seeds,” a collection of numbers that represented a fundamental layer of the security promises RSA made to its customers, including tens of millions of users in government and military agencies, defense contractors, banks and countless corporations around the world.
One of the most interesting sections of the report describes how the hack affected the psychology of RSA employees, making them intensely paranoid. The company switched to the telephone network, began holding meetings in person, and shared paper documents. The building was swept for bugs, and some office windows were covered in paper to prevent surveillance.
Paranoia was beginning to gain strength in the company. The first night after the announcement, [RSA’s head of North American sales] remembers going through a wiring closet and seeing an absurd number of people coming out of it, far more than he imagined could ever fit. “Who are these people?” he asked another nearby executive. “This is the government,” the executive replied vaguely.
The RSA hack was not only blamed for a subsequent hack of “at least one” US defense contractor, but also alerted much of the world to the danger of supply chain attacks. Instead of attacking a target directly, a supply chain attack sees hackers infiltrate one of the target’s vendors to get behind its defenses, as we saw with last year’s SolarWinds hack.
After ten years of state-sponsored hacking and supply chain hijackings, the RSA breach can now be seen as the herald of our current era of digital insecurity, and a lesson in how a determined adversary can undermine the things we trust most.
The Wired feature is worth reading.