More RSA Breach Companies Revealed?


Updated 11/3/2011: Added information about the Lockheed Martin breach and links to RSA details about the original attacks.

Arguably one of the most significant data breaches of the last decade, the cyberattack on RSA earlier this year that resulted in information about RSA SecurID tokens being compromised has had a wide-reaching impact on IT security. Not only did the attack reduce the effectiveness of RSA's widely used SecurID tokens, but the breach also gave attackers the information they needed to launch potential attacks against companies that used RSA SecurID tokens for two-factor authentication. Lockheed Martin was the first (and only) company that has publicly pointed the finger at the RSA breach for contributing to an attack on their systems. RSA has since offered to replace SecurID tokens for customers and recently provided additional details about the original attacks.

Now security journalist and researcher Brian Krebs has posted some additional details about the aftermath of the breach, including a list of more than 700 companies that could have been impacted by the attack. Krebs cautions that inclusion on the list doesn't mean that any of the listed companies have been breached, but it does indicate "companies whose networks were shown to have been phoning home to some of the same control infrastructure that was used in the attack on RSA."

For more clarification, Krebs posted the following:

A few caveats are in order here. First, many of the network owners listed are Internet service providers, and are likely included because some of their subscribers were hit. Second, it is not clear how many systems in each of these companies or networks were compromised, for how long those intrusions persisted, or whether the attackers successfully stole sensitive information from all of the victims. Finally, some of these organizations...may be represented because they intentionally compromised internal systems in an effort to reverse engineer malware used in these attacks.

The list Krebs posted is a lengthy one, and it includes corporate tech giants such as Cisco, eBay, Facebook, Google, IBM, Intel, Motorola, Novell, Research in Motion (RIM), Seagate, Verisign, and VMware. Krebs doesn't reveal his source for this list of companies. While it's unclear how many companies on this list were also under threat by the original RSA attackers, the information provided by Krebs does underscore how potentially wide-reaching the original RSA attack was.

What are your thoughts on the RSA breach and Krebs's blog post? Let me know what you think by adding a comment to this blog post or starting up a conversation on Twitter.
