http://krebsonsecurity.com/2011/10/who-else-was-hit-by-the-rsa-attackers/feed/

Comments on: Who Else Was Hit by the RSA Attackers?



In-depth security news and investigation



Last Build Date: Tue, 24 Apr 2018 05:37:08 +0000

 



By: ET

Tue, 15 Nov 2011 17:36:06 +0000

I work for a large federal government agency, and a couple of months ago several people in my office received emails directing them to change their passwords, although no reason was provided. I contacted all of them and they all used the department's RSA Secure token. I spoke with the head of IT security for my division, and he wasn't aware of any compromise of the department's tokens. The next day, I spoke with the director of IT security for the entire department, and when I asked him if we had been affected by the RSA breach, he referred to some obscure report and claimed that we hadn't. Oddly enough, our department is not on the list provided on this blog. Two weeks later, a mass mailer indicated that our RSA tokens had been compromised. By the way, the head of IT security for our department came from another federal agency that made headlines when their data was compromised.



By: Al Macintyre

Sat, 05 Nov 2011 16:03:59 +0000

I know of a specific case, but cannot reveal lots of details, where ONE PC on a corporate network was compromised, and the end result was the corporation lost over $1 million in bank accounts, that it never recovered. This was caused by a combination of behaviors which could have been avoided with better badware education in the work place, so that people would be better able to recognize what is suspicious. I also remember an incident, where ONE TOP MANAGER's lack of security introduced a virus to SEVERAL company PCs, then everyone was told NOT to use specific PCs until tech support completed fixing them all. ANOTHER person had trouble with her PC printer, so she made the rounds of printers attached to different offices' PCs until she got her stuff printed satisfactorily. In the process, she visited PCs with the virus not yet fixed, and unknowingly redistributed it to many co-worker PCs, including many that tech support had just spent several days fixing. This was an issue of badware literacy in the workplace, and lack of IT having authority over what the PC users are doing.



By: Al Macintyre

Sat, 05 Nov 2011 15:47:50 +0000

Thank you for the list. As always, you provide dynamite information on the dimensions of security threats and risks. There have been many attacks, where we do not know which were helped by others. We try to protect ourselves from badware, hackers, phishing, a spectrum of attack paths, but the idea that our providers of internet services, hardware, software, have been penetrated, that is a scary notion of what implications. RSA attack both reduced effectiveness of RSA's widely-used SecurID tokens, but the breach also gave attackers info they needed to launch potential attacks against companies using RSA SecurID tokens for two-factor authentication. Hackers stole from Google – source code for Gaia, a password management program – and tried to steal its signing certificates.



By: Nicole

Fri, 04 Nov 2011 04:53:42 +0000

Thanks for the list! I agree with JS that if workstations or other resources deeper in the company have been compromised, it should be caught by the internal monitoring of traffic anomalies outbound. I work for a security software company, EZMCOM. We are currently conducting an online survey to find out business security threats, such as identity theft, white collar crimes etc. Participants will be enrolled to a lucky draw in which there are iPod shuffles to be won. I would greatly appreciate if you can just take 2-4 minutes from your time to complete the survey by following this link http://www.surveymonkey.com/s/2HCM8TJ. Thanks guys!



By: blade

Wed, 02 Nov 2011 01:21:55 +0000

Only issue my org is on the list and the only thing we did was ask RSA to replace the tokens. I don't blame Brian, he used the information he was provided, which was FUD and FUD hurts progress. But it does generate media attention. If it's on the internet it must be true. Just hope Congress gets the facts before jumping off into the deep end of the pool and hammering folks trying to do their jobs in the "do more with less" budget environment.



By: anna

Mon, 31 Oct 2011 21:18:58 +0000

It's a shame that most people prefer negative [It's Bad!] 'news', and can't be bothered to learn about why those things became 'bad' and even more interesting how to actually Fix such common bad habits. Anyone know why this is?



By: oper207

Sun, 30 Oct 2011 21:26:25 +0000

Brian Job well Done Bro, if Brian has the goods to write about RSA breach well trust him I do. Say all you want bitch all you want ask all you want to reveal the info well he has to give you "NOTHING". You all got to quit PHISHING for the source (FISHING) for all you don't understand. As Paul Harvey used to say the next page ok everyone. I'm waiting to see what he writes next as a follow up. :)



By: desihyd

Sun, 30 Oct 2011 15:40:34 +0000

That's why this whole article is speculative. "May", "should" or "security experts" and hiding behind journalistic immunity to not disclose sources makes it more a best Hollywood novel and not written by someone who knows anything about computers.



By: JCitizen

Sat, 29 Oct 2011 20:59:06 +0000

Well Richard - you don't seem to have a bad attitude to me! Thanks for posting!



By: Richard Steven Hack

Fri, 28 Oct 2011 22:58:00 +0000

This is a circus... Let's review what Brian ACTUALLY SAYS:

"Security experts have said that RSA wasn’t the only corporation victimized in the attack, and that dozens of other multinational companies were infiltrated using many of the same tools and Internet infrastructure." OK. What part of "dozens" doesn't anyone here get? If any of you have a complaint with that, take it up with the "security experts", not Brian.

"But so far, no one has been willing to talk publicly about which other companies may have been hit." What part of "may" doesn't anyone here get?

"Today’s post features a never-before-published list of those victim organizations. The information suggests that more than 760 other organizations had networks that were compromised with some of the same resources used to hit RSA. Almost 20 percent of the current Fortune 100 companies are on this list." Again, note the words "suggests" and "some".

"The information below was shared with congressional staff." Irrelevant to the basic point. This originated either from said congressional staff OR from said "security experts". If you have a beef about the methodology, take it up with them. Oh, wait, Brian has already told you he can't reveal his source. So it's time to stop asking for it. Take the information as revealed for what it's worth to YOU.

"Below is a list of companies whose networks were shown to have been phoning home to some of the same control infrastructure that was used in the attack on RSA." That's ALL it says. A machine "phoned home", i.e., presumably connected from its IP to the IP of a C&C machine. Where does Brian claim that every single one of those machines 1) was controlled by said C&C, 2) necessarily was actually "phoning home" as opposed to some other relatively rare event like being a honeypot or whatever, and 3) had a full compromise with extracted proprietary data?

"A few caveats are in order here." Read this list. It covers most of the complaints here.

"First, many of the network owners listed are Internet service providers, and are likely included because some of their subscribers were hit." "Second, it is not clear how many systems in each of these companies or networks were compromised, for how long those intrusions persisted, or whether the attackers successfully stole sensitive information from all of the victims." "Finally, some of these organizations (there are several antivirus firms mentioned below) may be represented because they intentionally compromised internal systems in an effort to reverse engineer malware used in these attacks." All of which makes perfect sense and does not detract from the overall point that some, most or (less likely) all of the listed companies may have a security issue.

As I've been posting over at Bruce Schneier's blog (until I got banned for a "bad attitude" :-) ), my meme is: "There is no security. Suck it up." The more extended version is: "You can haz better security. You can haz worse security. But you cannot haz 'security' (in any absolute sense)."

The bottom line is, as has been demonstrated at company after company in the last few years, if someone wants to get in and has the patience, time, and resources to do so, they WILL get in. And even at some allegedly "well protected" companies, it has proven amazingly EASY for them to get in. So anyone who works at any of the companies on this list who thinks the list can be ignored because they 1) don't have details about the source IP, 2) the methodology of r[...]