RSA confirms stolen tokens' role in Lockheed hack
- Reduce text size Decrease text size
- Increase text size Increase text size
- Print article Print
- Jump to comments Comment
- Share this article Share
- Email article to a friend Email
EMC's security division admits that SecurID tokens stolen from it in March were used in attack on US defense contractor
RSA Security has confirmed reports that security tokens stolen from it in March 2011 were used in a cyber attack US defense contractor Lockheed Martin last month.
In an open letter published yesterday, RSA chairman Art Coviello said it has "confirm[ed] that information taken from RSA in March [was] used as an element of an attempted broader attack on Lockheed Martin".
Coviello denied that the SecurID token system had been fundamentally compromised, however. "It is important for customers to understand that the attack on Lockheed Martin does not reflect a new threat or vulnerability in RSA SecurID technology," he wrote.
The company nevertheless offered to replace customers' existing SecurID tokens, which are used to add an extra authentication factor to IT systems.
Coviello implied that attacks were politically or militarily motivated. "The fact that the only confirmed use to date of the extracted RSA product information involved a major U.S. defense contractor only reinforces our view on the motive of this attacker."
Lockheed Martin, one of the US government's largest suppliers, said that no sensitive information was compromised in the attack.
