Information Security News mailing list archives

Researchers Uncover The Email That Led To The RSA Hack


From: InfoSec News <alerts () infosecnews org>
Date: Mon, 29 Aug 2011 04:27:09 -0500 (CDT)

http://www.darkreading.com/authentication/167901072/security/attacks-breaches/231600301/researchers-uncover-the-email-that-led-to-the-rsa-hack.html

By Tim Wilson
Dark Reading
Aug 26, 2011

Experts at F-Secure's research lab say they have discovered the original infected email that led to the breach of RSA's SecurID token technology.

In a blog published today, the researchers outlined their methods for finding the email, and offered a likely theory on how the security giant might have been infected.

"The current theory is that a nation-state wanted to break in to Lockheed-Martin and Northrop-Grumman to steal military secrets," the blog says. "They couldn't do it, since these companies were using RSA SecurID tokens for network authentication. So the hackers broke into RSA with a targeted email attack. They planted a backdoor and eventually were able to gain access to SecurID information that enabled them to go back to their original targets and successfully break in."

In April, RSA disclosed the fact that the breach was caused by an email attachment, F-Secure explains, but it did not release the file and no one in the research community had seen it. But F-Secure researcher Timo Hervonen kept digging, and eventually found the file in the Virus Total cache.

[...]

