Slashdot Mirror


RSA Blames Nation State For Cyber Attack

An anonymous reader writes "Security firm RSA has revealed that it believes two groups, working on behalf of a single nation state, hacked into its servers and stole information related to the company's SecurID two-factor authentication products. Speaking at the RSA Security Conference in London, RSA executive chairman Art Coviello described the high profile attack thus: 'There were two individual groups from one nation state, one supporting the other. One was very visible and one less so. We've not attributed it to a particular nation state although we're very confident that with the skill, sophistication and resources involved it could only have been a nation state.' Sophos security researcher Graham Cluley questions how RSA has concluded that a country was responsible for the attack — when RSA is unwilling to name who it suspects. Could it be that the firm is simply applying spin, describing the attack as a 'highly sophisticated Advanced Persistent Threat' to protect its image?"

145 comments

  1. Everyone's going to accuse by aBaldrich · · Score: 5, Informative

    China

    --
    In soviet russia the government regulates the companies.
    1. Re:Everyone's going to accuse by hannza · · Score: 1

      quite possibly. or russia, or north korea.

    2. Re:Everyone's going to accuse by Anonymous Coward · · Score: 0

      or Iran.

    3. Re:Everyone's going to accuse by Anonymous Coward · · Score: 0

      or Israel

    4. Re:Everyone's going to accuse by Anonymous Coward · · Score: 0

      or New Zealand...oh, wait...

    5. Re:Everyone's going to accuse by quenda · · Score: 1

      And I suppose China must have been behind Stuxnet as well?
      The Chinese are not the only ones in this game.

    6. Re:Everyone's going to accuse by martin-boundary · · Score: 1

      Everyone's going to accuse China

      China: "No I'm not"

    7. Re:Everyone's going to accuse by symbolset · · Score: 4, Interesting

      China's active in this stuff, as is North Korea, several former Soviet Republics, Israel, Western Europe, and most of South America. Well, to be honest, most of the planet, but everywhere else is where some proxies are. You might as well say "I don't know".

      The nation-state claim is based on depth of analysis of technologies, leveraging of classified information not known to be leaked, sophistication of attacks. Also maybe on RSA's desire to say "What can we do against the dedicated resources of a nation-state?"

      This idea basically says Uncle Sam doesn't have any folks trolling the dark side of the Internet yet, where folks from all over freely share all sorts of amazing shit. They still don't get it. The dark side is where a lot of really interesting data warehouse technologies come from, years later. Most of these geeks aren't into it to do crime - it's just where the algorithm action is.

      It doesn't require a nation-state's resources to do this. Fifty thousand geeks in their mom's basement will do if a hundred of them are Aspies - and they are. They'll do it for the lulz, and on their backtrace they'll drag a red herring across a nation state if it amuses them to do so. Or they'll taint the Church of Scientology instead if that's their thing this week. It would take a nation-state to fund that level of effort, to coordinate that level of action - unless they do it for free for the lulz and the aspies organize it for them for free because it's a puzzle worthy of their attention. No resources are required except the neighbor's open Wifi because Mom provides the Hot Pockets and Mountain Dew.

      /Not saying it wasn't a nation-state, but have no faith in the analysis.

      --
      Help stamp out iliturcy.
    8. Re:Everyone's going to accuse by ColdWetDog · · Score: 2

      This idea basically says Uncle Sam doesn't have any folks trolling the dark side of the Internet yet, where folks from all over freely share all sorts of amazing shit. They still don't get it. The dark side is where a lot of really interesting data warehouse technologies come from, years later. Most of these geeks aren't into it to do crime - it's just where the algorithm action is.

      Not sure how you can come to that conclusion. If the US three letter agencies have a presence in the "dark side" of the Internet, it's not as if they're going to post it on 4Chan. Sometimes you let people get away with things in order not to compromise sources.

      From the standpoint of a mere mortal, a dumb poster on Slashdot, we'll never know.

      --
      Faster! Faster! Faster would be better!
    9. Re:Everyone's going to accuse by Tasha26 · · Score: 1

      If history has taught us anything, the culprit has to be an oil-rich country and the US has to be able to win a war against it... Iran!

    10. Re:Everyone's going to accuse by cheeks5965 · · Score: 1

      Most of these geeks aren't into it to do crime - it's just where the algorithm action is.

      someday i hope you can experience the joys of a woman.

      --
      -- Flame me and I will happily flame you back. Bring it!
    11. Re:Everyone's going to accuse by garyebickford · · Score: 4, Informative

      I was at a conference in 1999 where a Navy officer spoke. At that time the DoD was in the process of setting up three separate cyber warfare battalions, working on both defense and offense. He did mention that until recently-at-that-time it had been a hard slog getting the brass to wake up, but things were starting to move faster. IIRC a battalion is about 500 'soldiers' plus some number of support staff (Wikipedia sez 300-1200 total).

      I would expect that in the 12 years since then the size of this effort has expanded by up to 2 orders of magnitude. There are literally thousands of nondescript buildings in shopping malls and industrial parks all over the country filled with folks doing all sorts of eyes-only burn-before-reading stuff, and I'm sure that a lot of that is cyber warfare research, training and activity. Part of the plan back in 1999 was to enlist major companies in information sharing regarding security threats to the economic infrastructure. Some of that effort got put into CERT early on, but I expect there are more classified levels of that going on.

      Keeping the baddies out of Ford, SmithKline or even Procter & Gamble is almost as important as keeping them out of several levels of DoD. Warfare has always been a fundamentally economic activity.

      If I had the head for that sort of thing and were a lot younger I'd think seriously about getting into that - it would make for a very 'secure' future. :)

      --
      It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/
    12. Re:Everyone's going to accuse by Anonymous Coward · · Score: 0

      Herro Prease- PF Chang's is front for hackers

    13. Re:Everyone's going to accuse by Anonymous Coward · · Score: 0

      ... that's not a country.

    14. Re:Everyone's going to accuse by EnempE · · Score: 1

      China's active in this stuff, as is North Korea, several former Soviet Republics, Israel, Western Europe, and most of South America. Well, to be honest, most of the planet, but everywhere else is where some proxies are. You might as well say "I don't know".

      missed Iran in there, I think most of South America is a big claim, Brazil maybe but the rest of them are happy enough using actual guns to annoy their neighbours

      The nation-state claim is based on depth of analysis of technologies, leveraging of classified information not known to be leaked, sophistication of attacks. Also maybe on RSA's desire to say "What can we do against the dedicated resources of a nation-state?"

      Agree, it is the ultimate excuse.

      This idea basically says Uncle Sam doesn't have any folks trolling the dark side of the Internet yet, where folks from all over freely share all sorts of amazing shit. They still don't get it. The dark side is where a lot of really interesting data warehouse technologies come from, years later. Most of these geeks aren't into it to do crime - it's just where the algorithm action is.

      I think just some are happy hackers, most others are paid to do it by DoD, or are making a little on the side

      It doesn't require a nation-state's resources to do this. Fifty thousand geeks in their mom's basement will do if a hundred of them are Aspies - and they are. They'll do it for the lulz, and on their backtrace they'll drag a red herring across a nation state if it amuses them to do so. Or they'll taint the Church of Scientology instead if that's their thing this week. It would take a nation-state to fund that level of effort, to coordinate that level of action - unless they do it for free for the lulz and the aspies organize it for them for free because it's a puzzle worthy of their attention. No resources are required except the neighbor's open Wifi because Mom provides the Hot Pockets and Mountain Dew.

      That is a nice concept but can you imagine trying to manage a joint project of 49,900 geeks and 100 Aspies? it would be like herding lolcats, I think a feat like that would take an amount of hot pockets and mountain dew that would require some pretty deep pockets. I am not being rude here, I honestly think we are all somewhere on the scale between paris hilton and rainman (both fictional characters) but the lack of social skills would hinder such a project methinks

      /Not saying it wasn't a nation-state, but have no faith in the analysis.

      True, but this is the security industry we are talking about, where there are 8 billion new viruses every minute and 17 billion new zero days, and whatever else number that you can loosely statistically justify if it proves the value of your product/budget. Nobody really trusts anything anymore.

      p.s. That is one awesome ID number you are rocking.

    15. Re:Everyone's going to accuse by Anonymous Coward · · Score: 0

      china is not a nation state

    16. Re:Everyone's going to accuse by Anonymous Coward · · Score: 0

      Uhhh, North Korea? Really? Where did the NK hackers learn, well, ANYTHING about modern systems? They certainly couldn't pay foreigners to do it. NK is a non-player in this game. Their IP block is not seen anywhere, ever. How, exactly, would they pull something like this off? They are the most isolated, backward nation on the planet. They are not a threat to anybody.

      Hell, I'm pretty sure they don't even have nuclear weapons. They probably just buried a few thousand tons of TNT and blew it up. All we have measured for NK nukes is seismic activity. They could easily bury some weak nuclear material with the TNT to give some sort of impression of radioactivity.

    17. Re:Everyone's going to accuse by symbolset · · Score: 1

      If you were a subscriber here on /. you could read back my comment history where I discussed these things at length not only with outside folks like you, but also with the senior Microsoft program manager who initially resisted, and then came around to my point of view after further outside analysis and discussion with internal experts. They didn't do it as thoroughly as I'd have liked, but they did do it. That's how Microsoft came to deprecate Autorun. I did that. Me, and me only. If you're willing to pay ten bucks and a few days to dredge it out of my comment history, more power to ya. This is /. We don't get to edit or retract here.

      --
      Help stamp out iliturcy.
    18. Re:Everyone's going to accuse by symbolset · · Score: 1

      I have five children.

      --
      Help stamp out iliturcy.
    19. Re:Everyone's going to accuse by symbolset · · Score: 1

      >p.s. That is one awesome ID number you are rocking.

      Thanks. It's accidental but I like it.

      Your post was garbled. I want to respectfully reply, but I can't.

      --
      Help stamp out iliturcy.
    20. Re:Everyone's going to accuse by symbolset · · Score: 1

      How the hell I attracted one of the adherents of the Dear Leader, I don't know - but it were in your better interest to let it go. I'm not some blind commenter, and not disposed to let things go. I mentioned Korea in passing and for your own sake you should let it be. If you make a crusade of it, I will sleep comfortably while you pay for your hubris in a camp where rations are let every other week.

      --
      Help stamp out iliturcy.
    21. Re:Everyone's going to accuse by cavreader · · Score: 2

      "This idea basically says Uncle Sam doesn't have any folks trolling the dark side of the Internet yet" I seriously doubt this is the case. The US would have no problem returning the favor. Like China the US government security agencies avoid publicizing their accomplishments and vulnerabilities to avoid disclosing their capabilities.

    22. Re:Everyone's going to accuse by symbolset · · Score: 1

      Dude, I've been up in there. It's not what you think it is.

      --
      Help stamp out iliturcy.
    23. Re:Everyone's going to accuse by unitron · · Score: 1

      Maybe they meant the joys of being a woman. : - )

      --

      I see even classic Slashdot is now pretty much unusable on dial up anymore.

    24. Re:Everyone's going to accuse by Samantha+Wright · · Score: 3, Funny

      Been there. Done that. The algorithms are still where it's at.

      --
      Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
    25. Re:Everyone's going to accuse by Anonymous Coward · · Score: 0

      Perhaps I need to do one of those Asperger's tests that they have online, or just stop trying to work and read /. at the same time :)

      Thanks for saying garbled and not garbage, such netiquette is rare these days.

    26. Re:Everyone's going to accuse by symbolset · · Score: 1

      Maybe your feeble attempts to rescue this fucktard have something to do with your work relationship to him. He's in deep. Come swim in the tar with us. I would like that. The tar is warm. come on in.

      --
      Help stamp out iliturcy.
    27. Re:Everyone's going to accuse by EnempE · · Score: 1

      Perhaps I need to do one of those Asperger's tests that they have online, or just stop trying to work and read /. at the same time :)
      Thanks for saying garbled and not garbage, such netiquette is rare these days
      p.s. Please excuse the accidental AC message, it is this need for multiple browsers that sites like face{tracking}book have made for me.

    28. Re:Everyone's going to accuse by Gordonjcp · · Score: 1

      I can't see it being Israel, since Adi Shamir is actually Israeli himself.

    29. Re:Everyone's going to accuse by symbolset · · Score: 1

      Here's an easy test: If you think you might have Aspergers, then you don't.

      --
      Help stamp out iliturcy.
    30. Re:Everyone's going to accuse by symbolset · · Score: 1

      That might need some clarification for you norms. The key term is "might". If you were that different from the norms, you would know it. You wouldn't have to have it explained to you. Some of you think you have Aspergers, but you don't. Us Aspies are way different. Hopefully you guys are mature enough now to accept us.

      --
      Help stamp out iliturcy.
    31. Re:Everyone's going to accuse by symbolset · · Score: 1

      It's pretty simple. If you think you might have Aspergers, then you don't. Aspies don't have doubt, they have unknown quantities.

      --
      Help stamp out iliturcy.
    32. Re:Everyone's going to accuse by Anonymous Coward · · Score: 0

      I'd be willing to bet my money on the USA, UK, or Germany (Given proper odds), given their governments' wishes to spy on even their own people...

    33. Re:Everyone's going to accuse by symbolset · · Score: 1

      He is who he is, a man. If you make what you are as a people to live and die with a man, then you have chosen your fate because all men die eventually. You know better than that. You've survived 100 iterations of that. What's different now?

      --
      Help stamp out iliturcy.
    34. Re:Everyone's going to accuse by Anonymous Coward · · Score: 0

      Hmm. So in your expert opinion, am I an Asperger? I am different from us norms, and I know it.

    35. Re:Everyone's going to accuse by symbolset · · Score: 1

      Me too. Now what?

      --
      Help stamp out iliturcy.
    36. Re:Everyone's going to accuse by EnempE · · Score: 1

      lol, guess not then.

      I have taught some kids with problems of this type, they are brilliant. I feel it is really the world which doesn't measure up to them. Why isn't English phonetic? why do years not always have the same number of days? why do I say "do it like this" when I mean "do a similar but personalized revision of this"?

      Anyways, waaaaay off topic now

    37. Re:Everyone's going to accuse by symbolset · · Score: 1

      My kids are going through this now. We teach them the alphabet at 6 months, phonetics at 10 months. By two they're reading real books and repairing their own PC. And then they fail the standard test because they won't call out the sounds of letters because to them it's baby talk too embarrassing to say. But they can read at a sixth grade level, and write at third - entering kindergarten.

      You normals are so fucking retarded. My boy came back from his first day of kindergarten and he had two things to say: "Other people are stupid" and "They don't even have computers". What could I say but "this is how it is. You have to get used to it."

      --
      Help stamp out iliturcy.
    38. Re:Everyone's going to accuse by Anonymous Coward · · Score: 0

      start hacking?

    39. Re:Everyone's going to accuse by AmiMoJo · · Score: 2

      China's active in this stuff, as is North Korea, several former Soviet Republics, Israel, Western Europe, and most of South America. Well, to be honest, most of the planet, but everywhere else is where some proxies are. You might as well say "I don't know".

      Don't forget Stuxnet and groups like Anonymous. There is probably just as much hacking going on in the US as anywhere else but we hear less about it, not least because the attacks are focused on other countries and simply don't make the news in here.

      Even with proxies you can often figure out where an attack comes from. Russian hackers will tend to use Russian words for file names or in binary executables, and it is often possible to tell if two separate hacks were by the same group based on digital forensics so they only have to make that kind of mistake once.

      Going off-topic a bit I find it laughable that the US should be accusing Iran of breaking US and international law by trying to organise an assassination on US soil, when the US seems to feel free to use cyber-attacks against Iran.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    40. Re:Everyone's going to accuse by geekmux · · Score: 1

      China

      I'm sorry, I must have missed the part where that accusation would somehow be wrong or inaccurate to make, based on merely the unclassified information the general population knows about, let alone the classified information...I wasn't aware that we had to suddenly ignore agendas or underlying motives within communist States simply because they fill our shelves at Walmart.

      Like there's not blatant motive here...

    41. Re:Everyone's going to accuse by poofmeisterp · · Score: 1

      Welcome to my world growing up. Actually, I'm still there, but it's a lot easier to laugh INSIDE instead of outward at others now.

      I feel your kids' pain. It doesn't really get better until you are free and have the ability to laugh at others and/or find people you can communicate with. Hopefully ones that can understand one freaking thing you are saying. >:(

    42. Re:Everyone's going to accuse by Thing+1 · · Score: 1

      Going off-topic a bit I find it laughable that the US should be accusing Iran of breaking US and international law by trying to organise an assassination on US soil, when the US seems to feel free to use cyber-attacks against Iran.

      Or the larger elephant in the room, "when the US seems to feel free to commit assassinations on foreign soil." (Especially of US citizens!)

      --
      I feel fantastic, and I'm still alive.
    43. Re:Everyone's going to accuse by Anonymous Coward · · Score: 0

      And by 8 they'll have the crap beaten out of them since apparently you don't teach them humility. But I guess you can't teach what you don't know..

    44. Re:Everyone's going to accuse by tehcyder · · Score: 1

      It's certainly no country for old sheep.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    45. Re:Everyone's going to accuse by Ofloo · · Score: 1

      well we know it wasn't the usa they can't even manage drones on aircraft.

    46. Re:Everyone's going to accuse by SeNtM · · Score: 1

      Blame Canada...there not even a real country anyway.

      --
      "There ought to be limits to freedom." -George W. Bush
    47. Re:Everyone's going to accuse by SeNtM · · Score: 1

      Let's try again...no coffee yet.

      Blame Canada...they're not even a real country anyway.

      --
      "There ought to be limits to freedom." -George W. Bush
    48. Re:Everyone's going to accuse by tehcyder · · Score: 0

      there are literally thousands of nondescript buildings in shopping malls and industrial parks all over the country filled with folks doing all sorts of eyes-only burn-before-reading stuff

      That doesn't sound very physically secure.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    49. Re:Everyone's going to accuse by tehcyder · · Score: 1

      That might need some clarification for you norms. The key term is "might". If you were that different from the norms, you would know it. You wouldn't have to have it explained to you. Some of you think you have Aspergers, but you don't. Us Aspies are way different. Hopefully you guys are mature enough now to accept us.

      How do you know what is normal though? You don't know how my mind works or how I see things any more than I know how you do.

      And who defined normal to you? A few doctors presumably? What objective tests could they use to prove you were different from the norm?

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    50. Re:Everyone's going to accuse by tehcyder · · Score: 1

      My kids are going through this now. We teach them the alphabet at 6 months, phonetics at 10 months. By two they're reading real books and repairing their own PC. And then they fail the standard test because they won't call out the sounds of letters because to them it's baby talk too embarrassing to say. But they can read at a sixth grade level, and write at third - entering kindergarten.

      You normals are so fucking retarded. My boy came back from his first day of kindergarten and he had two things to say: "Other people are stupid" and "They don't even have computers". What could I say but "this is how it is. You have to get used to it."

      I'm enjoying this new troll immensely, but you need to do a bit of research. Autism/Asperger's isn't inherited.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    51. Re:Everyone's going to accuse by GameboyRMH · · Score: 2

      At this point if I was going to do anything illegal I'd proxy it through China. Nobody would ever suspect it could be anyone else.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    52. Re:Everyone's going to accuse by Anonymous Coward · · Score: 0

      Actually from the sounds of it, not much has changed in 12 years.
      See the recent drone stuff.

    53. Re:Everyone's going to accuse by EnempE · · Score: 1

      Maybe he wanted to tell them something along the lines of...

      "Your time is limited, so don't waste it living someone else's life. Don't be trapped by dogma — which is living with the results of other people's thinking. Don't let the noise of others' opinions drown out your own inner voice. And most important, have the courage to follow your heart and intuition. They somehow already know what you truly want to become. Everything else is secondary." - El Steve.

      But messages like that don't carry much weight, best they hide and wait for college before they start trying to change the world into what they see it should be.

      Don't you think it is refreshing to think of normal as retarded ? Make the term "minority" the compliment it should be !

    54. Re:Everyone's going to accuse by cavreader · · Score: 1

      So have I with level 2 SCIF classification.

    55. Re:Everyone's going to accuse by russotto · · Score: 1

      I'm enjoying this new troll immensely, but you need to do a bit of research. Autism/Asperger's isn't inherited.

      Being an arrogant ass does run in families, though, and it's occasionally confused with Asperger's.
      Not clear whether being an arrogant ass is inherited or influenced by family environment; my money is on "both".

    56. Re:Everyone's going to accuse by garyebickford · · Score: 2

      That doesn't sound very physically secure.

      A good question. Relevant reading below. From my own slight experience, quite a while back, these buildings are often much more secure than they appear on the outside. They are purposely nondescript. Sometimes there are fake fronts and such, and even sometimes a smallish building on the surface connects to a large underground complex. Putting them in relatively high traffic areas makes it easier to hide the traffic of workers going in and out.

      Back in the day I saw a few in DC suburbs (Tyson's Corner VA) that had no windows and only one door, and walls that were blast-resistant and incorporated Faraday cages to prevent electronic leakage. That was the old-school way, I don't know to what extent that is still the case but I assume that is mostly still true, just as a starter. It depends on the type and quality of information.

      Even back in the late 1970s and early 1980s technical equipment intended for some government agencies had to pass the TEMPEST EMI test, which has no published spec - they test it and tell you only whether it passed. If it didn't, you were not given any clues as to what needed fixing.

      Top Secret America portal article.

      Another article, excerpted from the book: "Top Secret America: The Rise of the New American Security State".

      This article, adapted from a chapter of the newly released “Top Secret America: The Rise of the New American Security State,” by Washington Post reporters Dana Priest and William M. Arkin, chronicles JSOC’s spectacular rise, much of which has not been publicly disclosed before. Two presidents and three secretaries of defense routinely have asked JSOC to mount intelligence-gathering missions and lethal raids, mostly in Iraq and Afghanistan, but also in countries with which the United States was not at war, including Yemen, Pakistan, Somalia, the Philippines, Nigeria and Syria.

      “The CIA doesn’t have the size or the authority to do some of the things we can do,” said one JSOC operator.

      The president has given JSOC the rare authority to select individuals for its kill list — and then to kill, rather than capture, them. Critics charge that this individual man-hunting mission amounts to assassination, a practice prohibited by U.S. law. JSOC’s list is not usually coordinated with the CIA, which maintains a similar but shorter roster of names.

      --
      It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/
    57. Re:Everyone's going to accuse by Anonymous Coward · · Score: 0

      Humility is for normal people.

    58. Re:Everyone's going to accuse by Deliveranc3 · · Score: 1

      Don't forget the U.S. assassinated someone in Afghanistan WITH A ROBOT no less about two weeks ago.

      I'm not sure robots are against the Geneva convention but they certainly should be.

      Nothing will eliminate humanity faster than an escalating robot war.

    59. Re:Everyone's going to accuse by unitron · · Score: 1

      What work relationship?

      I have no idea who cheeks5965 is, other than a fellow slashdotter, who may or may not be a "fellow".

      --

      I see even classic Slashdot is now pretty much unusable on dial up anymore.

    60. Re:Everyone's going to accuse by cheeks5965 · · Score: 1

      thanks, honey. see you tonight. what do you want for dinner?

      --
      -- Flame me and I will happily flame you back. Bring it!
    61. Re:Everyone's going to accuse by unitron · · Score: 1

      So you're the one that got symbolset knocked up 5 times?

      It's so neat to meet your baby where the algorithm action is.

      --

      I see even classic Slashdot is now pretty much unusable on dial up anymore.

  2. Maybe some hacker got lucky... by Currawong · · Score: 1

    Maybe whoever wrote the virus got lucky, found they'd hit the jackpot with the data and sold it off for a crapload of money?

    --

    What is the point of the internet?
  3. well we did blame.... by ganjadude · · Score: 2

    Iran for an attempted attack on US soil just today. Maybe they figured (or were coaxed *tin foil hat) that they should just add blame to Iran either to save face (most likely) or to add ammo to the fact that they did in fact back the attack? (end tin foil hat)

    --
    have you seen my sig? there are many others like it but none that are the same
    1. Re:well we did blame.... by Anonymous Coward · · Score: 0

      (end tin foil hat)

      What is that? Some kind of Lisp/VB hybrid? Damn.

  4. Defective as designed. by faedle · · Score: 5, Insightful

    Any design that held all the keys in a central database that was not changeable by the end-user organization was defective-as-designed, IMHO.

    1. Re:Defective as designed. by el_tedward · · Score: 1

      Bit of a plug for some people I have met, but if you check out Duo Security, they have some neat stuff where you can avoid the whole adding a second password as two factor authentication. Instead, you're authenticating a login through your phone (can either be through their app, or a phone call from a nice robotic lady). They also offer methods similar to RSA's. I don't know off the top of my head if you can configure it to only allow certain types of two factor auth.

    2. Re:Defective as designed. by PopeRatzo · · Score: 1

      Any design that held all the keys in a central database that was not changeable by the end-user organization was defective-as-designed, IMHO.

      Private industry: Defective by Design.

      --
      You are welcome on my lawn.
    3. Re:Defective as designed. by Anonymous Coward · · Score: 0

      I was horrified when I heard about how they operated. I had assumed that these RSA fobs were one-time pad type things where the client's (of RSA) server and the fob were the only copies of the pad.

      When I learned how it really worked I was amazed that it hadn't been cracked sooner.

    4. Re:Defective as designed. by Anonymous Coward · · Score: 0

      The thing is, no modern network is always completely cut off. These systems need updating sometimes. At worst you need to connect them temporarily with an iron security policy, at best you use a separate computer to grab the updates and then connect to the "isolated" network. But how do you think Stuxnet managed to screw up Iran's PLCs? It included a worm that spread very silently, doing nothing until it found that a computer at some point connected to the PLC. And then reported fake measurements to the operators while it was screwing up the turbines.

      In the case of RSA it'd be trickier because you're trying to exfiltrate data on top of that, but nothing's impossible.

  5. Re:Awww, a security firm got hacked? by Dunbal · · Score: 2

    Yah an it was a COUNTRY that did it mommmmmieeeeeeeeeeeeeeeeeeeeeeeeeeeeeee!

    --
    Seven puppies were harmed during the making of this post.
  6. Poor Threat Model by Anonymous Coward · · Score: 1

    They only have themselves to blame if their threat modeling didn't take into consideration a possible attack from an entity with the means of an intelligence service or nation. Either that, or they sold their customers a false sense of security.

  7. Unwilling to name for good reason by ThePeices · · Score: 1

    I'm not at all surprised that they are not saying what nation they suspect.

    RSA cannot prove, beyond reasonable doubt, which country is the criminal. Naming any country without significant proof will cause more harm than good.

    They suspect a nation, but without better proof, the media shitstorm that inevitably results will cause far more harm to the company than the hack itself has.

    1. Re:Unwilling to name for good reason by msobkow · · Score: 3, Insightful

      Then it's unreasonable for them to assume it requires a "nation state" to perform the attacks. Some of the cracker groups out there are very, very skilled and have a lot of resources available to them.

      But it would be embarrassing for them to admit a loosely organized bunch of people could get past their much-vaunted security. Better save face and paint pictures of a ghostly "nation state" so they don't look incompetent.

      --
      I do not fail; I succeed at finding out what does not work.
    2. Re:Unwilling to name for good reason by Anonymous Coward · · Score: 0

      Then it's unreasonable for them to assume it requires a "nation state" to perform the attacks. Some of the cracker groups out there are very, very skilled and have a lot of resources available to them.

      But it would be embarrassing for them to admit a loosely organized bunch of people could get past their much-vaunted security. Better save face and paint pictures of a ghostly "nation state" so they don't look incompetent.

      Or more likely is that an un-named "three letter" agency has told them not to go around naming names. Sometimes in Intelligence you don't want to reveal too much of what you know, as it will also reveal how you got the information.
      There's also the classic method of information "trolling", where you talk a bunch of shit about how you are absolutely sure it was a nation-state, meanwhile continuing your surveillance of the small, independent organization who are sitting around laughing and saying "Oh, look at those incompetent fools, they think it was China/Iran/Korea/Russia/England. Our methods worked so well they have no clue, so we'll keep using the same cover since we think we're safe."

      And no, I'm not wearing a tinfoil hat, thankyouforasking. That's just how the game is played.

    3. Re:Unwilling to name for good reason by Frosty+Piss · · Score: 1

      Sophos security researcher Graham Cluley questions how RSA has concluded that a country was responsible for the attack — when RSA is unwilling to name who it suspects.

      Why would they lay all their cards on the table? They don't need to prove to you and me that they know who did it, though the perps certainly now know that RSA knows they did it. I mean, that RSA is "unwilling" to tell Sophos does NOT mean that RSA has told no one.

      And, RSA and Sophos have commercial interests and relationships in some of the same business markets, why would RSA tell them anything?

      --
      If you want news from today, you have to come back tomorrow.
    4. Re:Unwilling to name for good reason by stephanruby · · Score: 1

      Just name the country where the tracks disappear. Whether the country was the source, or just used as a patsy. Everyone needs to know where the hackers were last spotted.

      So far, only Google has had the balls to do that. If RSA is not willing to risk all its future business with the country in question (like Google did), then they should just pull out from our country. A technology security company can not have two masters.

    5. Re:Unwilling to name for good reason by Kagura · · Score: 1

      Why is this guy sitting at less than +5 insightful?

    6. Re:Unwilling to name for good reason by Anonymous Coward · · Score: 0

      Why would they lay all their cards on the table?

      I don't know, but why should we believe them? TBH, if a nation state undertakes cyber attacks I'd expect them to build some plausible deniability into it, so it is quite unlikely they could be sure unless someone involved talked. And I don't see why it would take the resources of a nation state to carry out this attack, the presumption that only nation states would be able to stinks of hubris.

  8. FAIL by Osgeld · · Score: 0

    "Security firm RSA has revealed that it believes two groups, working on behalf of a single nation state, hacked into its servers and stole information related to the company's SecurID two-factor authentication products."

    Yea real fucking secure there chief.

  9. Blame China boyz ... by unity100 · · Score: 0

    Fuck it up, then blame China. It's the new scapegoat for I.T. incompetency.

  10. Surprisingly Poor Security Policy by LazLong · · Score: 5, Insightful

    RSA should never have allowed systems containing anything related to SecurID beyond marketing data to be connected to a network with an Internet connection. SecurID development should have been restricted to a physically separate (air-gapped) network.

    Why would I ever want to trust any security company who would make such a fundamental mistake?

    1. Re:Surprisingly Poor Security Policy by Grishnakh · · Score: 3, Insightful

      Why would I ever want to trust any security company who would make such a fundamental mistake?

      Because you like to play golf with their sales rep and he takes you out to expensive restaurants?

    2. Re:Surprisingly Poor Security Policy by Anonymous Coward · · Score: 0

      Don't forget the free hats and backpacks!

    3. Re:Surprisingly Poor Security Policy by Anonymous Coward · · Score: 1

      No strip clubs? I'll ditch them for another vendor!

    4. Re:Surprisingly Poor Security Policy by Grishnakh · · Score: 1

      I totally forgot about the strip clubs. Surely that's the RSA sales reps' secret.

    5. Re:Surprisingly Poor Security Policy by bill_mcgonigle · · Score: 2

      Is that a nation state in your pocket, or are you just happy to see me?

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    6. Re:Surprisingly Poor Security Policy by firstnevyn · · Score: 2

      FREE HAT! FREE HAT!

    7. Re:Surprisingly Poor Security Policy by Anonymous Coward · · Score: 0

      For one, when I worked for the federal government, such actions would be illegal. For another, I wouldn't be caught dead playing golf. But the real and true reason is that I specify/design solutions that best fit the requirements as I have to live with the consequences. A fleeting dalliance can't compete with that.

    8. Re:Surprisingly Poor Security Policy by Chapter80 · · Score: 1

      I totally forgot about the strip clubs. Surely that's the RSA sales reps' secret.

      only if the sales rep's name is Victoria.

    9. Re:Surprisingly Poor Security Policy by Grishnakh · · Score: 1

      For one, when I worked for the federal government, such actions would be illegal.

      I guess you weren't a Congressperson, then, because such actions are rather tame for them. They prefer to receive big bags of money from corporate lobbyists. So why was it illegal for you to be taken out to dinner, but it's OK for Congresspeople to accept big bags of money?

  11. Mod parent up. by khasim · · Score: 1

    I would expect such from most companies. But from a company that sells computer security products?

    And those products DEPEND upon the seed being secret?

    I get the feeling that they're claiming this now (MONTHS after the crack) in order to justify their failure.

    Who cares if it was a single cracker or a cracker group or a nation employing crackers? If they didn't go in with gunships then it is the same in the end. A cracker got past their defenses and all the way into their vault.

    Why was the vault available on-line like that?

    1. Re:Mod parent up. by tlhIngan · · Score: 2

      And those products DEPEND upon the seed being secret?

      Um, that's the point of the RSA token. The RSA token is merely a watch that instead of displaying the current time, displays a 6-digit number. That number is basically the output of a PRNG - one cryptographically secure (so hijacking a number or two won't reveal the entire sequence). That PRNG is seeded by a seed value so it generates a predictable set of numbers.

      When you register a key, you enter in its ID number, which does a seed lookup so when you log in, the appropriate number can be calculated and compared with what your key should be showing you.

      The seed has to be available somehow - the key gets programmed with a seed out of necessity (so it can calculate the proper number), but the log in authenticator also needs the seed. And the authenticator can be made by anyone licensing the technology. Somehow the seed value needs to be transported to the authenticator so all valid users' numbers can be calculated and compared.

      The only thing I don't know is when the authenticator needs the seed - does it check against RSA's system or does it just log the seed value internally. Or why RSA keeps the seed once it's been registered (perhaps to allow multiple authenticators to use the same keyfob?).
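The seed-and-clock scheme described in the comment above, as an added sketch that is not part of the thread and is not RSA's algorithm: SecurID's token function is proprietary, so the open HOTP/TOTP construction (RFC 4226 / RFC 6238) stands in for it. The serial number, seeds, 60-second step and the `Authenticator` class are constructed for illustration; the point is that the authenticator accepts a code from any holder of a seed copy, and that re-enrolling with a locally generated seed invalidates that copy.

```python
import hashlib
import hmac
import secrets
import struct

STEP = 60    # seconds per displayed code (assumption for this sketch)
DIGITS = 6   # digits shown on the token


def token_code(seed: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """Code a token holding `seed` displays at `unix_time` (RFC 6238 with HMAC-SHA1)."""
    counter = unix_time // step
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Authenticator:
    """Server side: maps a token serial to its seed and checks submitted codes."""

    def __init__(self, drift_steps: int = 1):
        self._seeds = {}          # serial -> seed (the secret the whole scheme rests on)
        self._last_counter = {}   # serial -> last accepted time step (replay protection)
        self.drift_steps = drift_steps

    def enroll(self, serial: str, seed: bytes = None) -> bytes:
        """Register a token. With no seed supplied, one is generated locally,
        so no copy exists outside this server and the token itself."""
        seed = seed if seed is not None else secrets.token_bytes(20)
        self._seeds[serial] = seed
        self._last_counter.pop(serial, None)
        return seed

    def verify(self, serial: str, code: str, now: int) -> bool:
        seed = self._seeds.get(serial)
        if seed is None:
            return False
        current = now // STEP
        # Allow for clock drift between token and server: check adjacent time steps.
        for delta in range(-self.drift_steps, self.drift_steps + 1):
            counter = current + delta
            if counter < 0 or counter <= self._last_counter.get(serial, -1):
                continue          # never accept an already used or older step
            expected = token_code(seed, counter * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self._last_counter[serial] = counter
                return True
        return False


def demo() -> dict:
    now = 1_318_000_000                                        # constructed timestamp
    serial = "000123456789"                                    # constructed serial
    vendor_seed = bytes.fromhex("00112233445566778899aabbccddeeff00112233")  # constructed

    auth = Authenticator()
    auth.enroll(serial, vendor_seed)                           # seed supplied by a third party

    code = token_code(vendor_seed, now)                        # computed from a seed copy alone
    accepted_with_copy = auth.verify(serial, code, now)
    replay_rejected = not auth.verify(serial, code, now)

    local_seed = auth.enroll(serial)                           # re-seed; generated on this server
    later = now + STEP
    old_copy_rejected = not auth.verify(serial, token_code(vendor_seed, later), later)
    new_token_accepted = auth.verify(serial, token_code(local_seed, later), later)
    return {
        "accepted_with_copy": accepted_with_copy,
        "replay_rejected": replay_rejected,
        "old_copy_rejected": old_copy_rejected,
        "new_token_accepted": new_token_accepted,
    }


if __name__ == "__main__":
    print(demo())
```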

    2. Re:Mod parent up. by neonsignal · · Score: 1

      Of course, if the generator was based on a public/private key system instead of a block cipher (i.e., encrypting the time stamp using the private key), then there would be no need for the private 'seed' to be stored anywhere outside of the security token. The number would be a digitally signed timestamp.

    3. Re:Mod parent up. by vlm · · Score: 1

      Of course, if the generator was based on a public/private key system instead of a block cipher (i.e., encrypting the time stamp using the private key), then there would be no need for the private 'seed' to be stored anywhere outside of the security token. The number would be a digitally signed timestamp.

      Check the patent situation for the reason why you can't do that.

      Companies (generally) don't do snake oil accidentally...

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    4. Re:Mod parent up. by Prof.Phreak · · Score: 1

      that would also require a bit more processing power on the token---which would make'em more expensive to manufacture, and battery not last as long...

      --

      "If anything can go wrong, it will." - Murphy

    5. Re:Mod parent up. by Rich0 · · Score: 1

      Yeah, but you'd think that a company named "RSA" would think to maybe employ RSA...

      And I can't see how this would impact battery life much - how often does one of these things really need to generate a key? Just put a clock in it, and then a button which generates a key on demand. That uses as much power as a digital watch, plus a hair bit more twice a day or whatever. There is no need to have it continuously generating keys when it is sitting in a briefcase...

  12. It had to be a nation-state... by arglebargle_xiv · · Score: 5, Insightful

    ...because having to admit "we got 0wned by some random script kiddie" would be just too embarrassing.

    1. Re:It had to be a nation-state... by youn · · Score: 1

      haha :), that was my reaction too :)

      --
      Never anthropomorphize computers, they do not like that :p
    2. Re:It had to be a nation-state... by Mr.+Underbridge · · Score: 1

      We have a winner!!!!

      Kind of like when you get your ass kicked in a bar fight, when you tell the story the guy was definitely a heavyweight boxer. Couldn't be you just got your ass whupped by a girl.

  13. How do I say "Nation State" by Anonymous Coward · · Score: 0

    . . . in Chinese?

  14. security?.. prove it Ahole by Anonymous Coward · · Score: 0

    So why is no one auditing these claims of security by RSA...
    I guess they left it all on a public FTP...
    RSA is just another scumbag big corp stealing from other lazy big Corp... ...But they had pretty pictures in their presentation....

  15. It was really.... by haltline · · Score: 1

    Meanwhile, two teenage boys are laughing their asses off. They would have continued but it was a Warcraft raid night.

  16. That's interesting, but you still messed up. by Eponymous+Coward · · Score: 1

    There are lots of groups who would love to have a copy of RSA's SecurID database. Frankly, I don't really care what part of the world the attackers came from. The bottom line is that RSA messed up big time with some very basic stuff. I don't see them as a victim and am a little disturbed that their chairman would have anything other than apologies for their incompetence and poor handling of the situation after the attack. It would be nice for him to also explain how this type of attack could not succeed again.

  17. Pure spin... even if it's true by swillden · · Score: 5, Insightful

    It really doesn't matter whether this was a targeted, sophisticated attack or not. The fact is that if RSA had done a decent job of securing its keys it wouldn't matter who was attacking them.

    Any company with secret keys remotely as valuable as RSA's should have generated them and managed them ONLY in high-security HSMs (host security modules) configured to refuse to ever divulge the keys under any circumstances, except to securely transport them to another HSM. That plus reasonable logical access controls on the HSMs, with separation of authority for all important operations, and strong physical security around the HSMs makes it virtually impossible for any attacker, no matter how skilled, sophisticated or well-funded, to get at the data.

    This really isn't rocket science. Lots of banks and lots of other security-conscious companies do this sort of thing all the time. Given who RSA's clientele was, if they'd gone to the NSA and asked for help they'd have gotten all the free consultation they needed from some of the best there are, if they'd needed it. Which they shouldn't have.

    Whether it was a sophisticated team from a world superpower or a couple of random script kiddies is really just a question of how much gross negligence.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  18. Not credible by gweihir · · Score: 1

    RSA has good reason to make the attackers as scary as they can. After all, from the details available it sounds like this was a relatively easy hack. Advanced, but easy. If they admit that, they look like the incompetent and arrogant hacks they apparently are.

    My advice is to not buy anything from them at least for a few years.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  19. RSA? by Anonymous Coward · · Score: 0

    ... A sheepish interopter of dubious philogeny and known lack of brains.

    LOL

  20. Does it rhyme with "vagina"? by Anonymous Coward · · Score: 0

    If RSA is reading this, could you give us a hint as to what country it could be. For example, could you tell us if the nation state rhymes with the word "vagina".

    1. Re:Does it rhyme with "vagina"? by Anonymous Coward · · Score: 0

      Hmmm.... let me check for you. Isrina.... nope, doesn't rhyme with vagina.

    2. Re:Does it rhyme with "vagina"? by Anonymous Coward · · Score: 0

      If RSA is reading this, could you give us a hint as to what country it could be. For example, could you tell us if the nation state rhymes with the word "vagina".

      I know they have a funny accent and all, but "England" does not rhyme with "Bearded Clam".

  21. Bullcrap by Oriumpor · · Score: 2, Insightful

    I spend a week a year listening to crap like this for hour after hour. In 2010 everyone said (and still this year the big Security firms are still clueless) that the PLC attack against the Siemens controllers "Was an extremely sophisticated attack" blah blah blah "nation state" blah blah blah.

    This is based on the following:
    1. Obviously the 2 signed pieces of code would have required real human assets.
    2. The PLC controllers are incredibly sophisticated and expensive.
    3. The method of infiltration was extremely well planned.

    Until earlier this year I was spouting the same crap... then an individual busted Comodo wide open. Then later Diginotar (as if Comodo wasn't evidence enough.) SO Check, #1 no longer requires human assets.
    Then I saw a talk that blew #2 and #3 out of the water. A relatively low funded talk ( about 6k) was done, where an individual (not a team, not even two people) was able to identify a direct backdoor that provided shell access into all PLCs of the model applicable in the Stuxnet attack, and could perform the attack without the need of the configuration stations...

    THERE WAS NO NEED FOR A USB PAYLOAD TO BOOTSTRAP THE COMPILER! You could actually login, and patch the damn executables on the plc itself using the backdoor.

    My conclusion about 30 seconds after these things were demonstrated (on the actual PLCs) was that it probably did take a team of engineers to create the Rube Goldberg that was Stuxnet, but it didn't involve anyone at Siemens (since when confronted with the researcher's findings, they acknowledged them, saying they were already aware.)

    Since the RSA attack is like three steps down from that, I would say that RSA is trying to perform damage control with their shareholders since in terms of sophistication a user clicking a malicious URL in an email is sooooOoo 1999.

    1. Re:Bullcrap by hism · · Score: 2

      Wait, I don't see how the security breach at Comodo rules out #1. Maybe I'm not understanding CAs correctly, but the two situations have a big distinction. In the Comodo case, somebody breached Comodo, a CA authority, and issued new CAs which could be used by a malicious site to claim that they are some other trusted site. In the case of Stuxnet, already-issued CAs for Realtek and JMicron were stolen to sign malicious drivers. CAs that had already signed legitimate drivers in the past. Aren't these two cases a bit different? I'm not saying that the CAs at Realtek and JMicron couldn't have been stolen without real human assets, but how does the Comodo case change anything?

    2. Re:Bullcrap by Anonymous Coward · · Score: 1

      None of this is accurate. Stuxnet was not considered sophisticated for any of the reasons you mentioned, and #1 was literally never suggested by anyone of note as it is obviously untrue. Stuxnet was considered advanced because it was covert in a number of ways, targeted a specific air-gapped network, and most importantly it used four different 0-days.

      Finally, while it may have been unnecessary to subvert the compiler, the specific target they wanted used them and it was far more covert.

    3. Re:Bullcrap by Anonymous Coward · · Score: 0

      I mostly agree, but do you have anything I can read on "(since when confronted with the researcher's findings, they acknowledged them, saying they were already aware.)"?

      Thanks.

  22. Not that sophisticated... by Vellmont · · Score: 5, Insightful

    The article is correct. APT is merely a buzzword to throw around to make the attack sound sophisticated. It was certainly a good attack, but it's hardly something that requires the resources of a "nation state". Individuals are constantly finding software flaws that are more sophisticated than what RSA was hit by. The attack merely combines social engineering (getting the victim to open the spreadsheet), a hidden payload of Flash packaged inside it, and a Flash exploit. None of those are really that sophisticated, or particularly new.

    I don't think any details have been given about what happened once the initial machine was owned. But given that RSA is already trying to hack into something resembling "the hack of the century", AND the fact they didn't reveal tokens had been stolen until AFTER a stolen token was used in a Lockheed Martin attack, I'd say the opinion of RSA on who was involved can't be trusted.

    Speculation of the attacker based on who has an interest in breaking Lockheed Martin is meaningless. I could come up with a dozen different explanations, all equally plausible that wouldn't involve a nation state at all. Perhaps the first attacker breached RSA, then sold the stolen tokens to some other hacker. Without evidence to keep us honest, we can make up whatever theories we like.

    --
    AccountKiller
    1. Re:Not that sophisticated... by chrb · · Score: 1

      The Lockheed Martin break-in is being used to suggest that the RSA hack must have been carried out by a nation state. However, it is clear from the past that there are individuals (e.g. Gary McKinnon) who have both the motivation and capability to break into U.S. military sites. Security "experts" like those at RSA consistently (and conveniently) underestimate the capabilities of individual hackers and hacker groups, and yet the past 15 years have shown that military sites, government sites, security expert sites, credit card processors, etc. have all been routinely hacked.

      The truth is that hacking is not actually that difficult. If you have a zero-day remote exploit, and you automate a scan of millions of domains, then it is highly likely that you will find some (or many) that are vulnerable, regardless of whether they are .gov, .mil, .com, or whatever. Once in, it is trivial to install a rootkit and scoop up all of the outgoing ssh passwords, and to exploit the existing trust relationships. Most sites don't keep up to date with security patches - I have worked with companies that are still running Red Hat based systems from 2004 with no security patches. Getting root on these systems is absolutely trivial. And I guess that is the big secret that RSA and the other security companies don't want you to know - that hacking is pretty easy, and that groups like lulzsec, that routinely penetrate respected corporations, are not gifted geniuses, just skilled computer engineers with a stash of exploits.

    2. Re:Not that sophisticated... by Anonymous Coward · · Score: 0

      The seed records were stolen from RSA, not tokens. Stealing tokens would require a decidedly different kind of attack.

    3. Re:Not that sophisticated... by SmurfButcher+Bob · · Score: 2

      > The Lockheed Martin breakin is being used to suggest that the RSA hack must have been carried out by a nation state

      That's puzzled me, however.

      The RSA hack was a black swan, but it bridged enough facets to not be trivial - so we're not talking about the attackers being morons, here.
      But then actions against LM were beyond stupid. Not only because of the sledge-hammer tactic that even HBGary could have found, but more because it confirmed what RSA refused to reveal - it confirmed that they had the seeds. Doing so completely devalued them... for what equates to little more than a dozen failed password attempts. That's just... "Duh?"

      One attack smells like for-profit/for-hire, and the other attack smells like short-term stupid-n00b on many levels. If there's a nation-state involved, it wasn't during the RSA part... the subsequent stupidity at LM could not have been the same talent.

      On the LM side, it'd be a nation that (1) is stupid enough to blow the seeds over a short term access attempt, and (2) doesn't have a lot of nationals hired by LM with existing long term access, assets and options. That means it wasn't China, India or Taiwan... all three nations already have people who will (and will continue to) do things the old fashioned way: crawling through air ducts, walking a freakin drive out the door, or social eng. None of them would piss the seeds away like what was tried - they'd integrate them into their existing tactics, AFTER a valid user/pass had been acquired by those tactics.

      It smells more like someone who wanted to FUD the RSA product, quite frankly.

      Cheers,

      --

      help me i've cloned myself and can't remember which one I am

    4. Re:Not that sophisticated... by Rich0 · · Score: 1

      It smells more like someone who wanted to FUD the RSA product, quite frankly.

      I'm not sure if FUD is really the right term here. FUD is Fear, Uncertainty, and Doubt.

      Right now you can be CERTAIN that people who aren't supposed to have the ability to impersonate any RSA SecurID tokens you own. There is no DOUBT that people can use this to do you harm. So, you should be VERY AFRAID unless you've replaced them with some other solution that isn't completely owned.

      FUD is making vague insinuations to get people to not use a product. There is nothing vague about this - a security vendor essentially designed a system that relied on their ability to keep a certain set of data secret, and that data is in hands unknown. They then let that compromise go unreported for months, so that those with vulnerabilities had no way to know they were vulnerable.

      Never buy into a system that allows people to bypass your security if they have some token that your vendor has a copy of. If you want to be secure, generate the keys yourself.

  23. Yes, but RSA's internal procedures are BS anyway by Anonymous Coward · · Score: 0

    I'm sure it was a nation state, but RSA is a disorganized circus internally, so I'm sure it wasn't that hard to hack them.

  24. Blame Canada by Anonymous Coward · · Score: 0

    They are way sneakier than most people (Americans) think...

  25. the real culprit is: by Anonymous Coward · · Score: 0

    Might as well claim a Leprechaun did it given the evidence RSA isn't coughing up.

  26. seriously... by Anonymous Coward · · Score: 0

    why didn't they use their own technology for security (at least, I'm assuming they didn't) ? Because I haven't heard of anyone proving the Riemann hypothesis....

  27. Iran did it.. by AftanGustur · · Score: 1

    Actually, Iran is one of the currently most active APA (Advanced Persistent Adversary).

    --
    echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
    1. Re:Iran did it.. by Anonymous Coward · · Score: 0

      At least they don't go around attacking and bombing places to shit.

    2. Re:Iran did it.. by Anonymous Coward · · Score: 0

      Hmm, APA, why not change that label to Advanced Persistent Entity and get to call them APEs. That seems to match much more closely to what's required for these kinds of hacks. Then again, virtual random monkeys have been able to rewrite Shakespeare's works as well.

    3. Re:Iran did it.. by Anonymous Coward · · Score: 0

      Only because they're very weak. If they could, they'd bomb the US into oblivion.

  28. No comment from the Elbonian Ambassador by Anonymous Coward · · Score: 0

    n/t

  29. Really Stupid Assholes. by mevets · · Score: 1

    1. Make up big numbers
    2. ....
    3. Profit!
    Worked for years, until:
    4. Totally Fuck Up the very thing you depend on
    5. Cry Espionage
    6. Bankrupt.
    Bye!

  30. How about USA? by Anonymous Coward · · Score: 0

    haha, I am amazingly surprised that no one suspects USA!
    USA is the most innocent riiighht?
    USA isn't the one who is ditching privacy for your public security, right?
    oh yeah..

    1. Re:How about USA? by gl4ss · · Score: 1

      usa doesn't act as a nation-state.
      only very small nations are capable of that, so it's probably some island state on the pacific.

      even if it was a 100 guys from china funded by some government douche, it still wouldn't qualify as china acting, there would be 100 generals who would have been against it if it had been brought up at a general assembly of the party.

      but what real assets would have they recovered using the hack? friggin nothing, they could just buy the necessary cad sw, the necessary automatic 3d cnc routers etc if they really wanted to make something and had a budget.

      --
      world was created 5 seconds before this post as it is.
  31. Don't worry, their Canadian Girlfriend fixed it by Rogerborg · · Score: 1

    Which is handy, because they'd have been really screwed if A Wizard Did It.

    --
    If you were blocking sigs, you wouldn't have to read this.
    1. Re:Don't worry, their Canadian Girlfriend fixed it by Anonymous Coward · · Score: 0

      Is her name Alberta and she lives in Vancouver?

    2. Re:Don't worry, their Canadian Girlfriend fixed it by Thing+1 · · Score: 1

      So, she put on her robe and wizard hat, eh?

      --
      I feel fantastic, and I'm still alive.
  32. Re:Iran did it.. yeah right by Anonymous Coward · · Score: 0

    So much shit is being piled on Iran, most of it without any evidence. Seems quite obvious Iran will be next in line after Afghanistan and Iraq. And not just geographically. Such sickening propaganda smear.

  33. Modification by poofmeisterp · · Score: 1

    Could it be that the firm is simply applying spin, describing the attack as a 'highly sophisticated Advanced Persistent Threat' to protect its image?

    Let me make a quick change. That is a question, so let's make it a statement. Also, let's change a few words and.... *Cartman voice* There we go:
    "The firm is simply applying spin, describing the attack as a 'highly sophisticated Advanced Persistent Threat' to protect an image... An image that their services are worth money."

    /snark

    I'm not saying that they aren't, I'm just sayin', man... I'm just sayin'.

  34. Perhaps OS selection? by williambbertram · · Score: 1

    http://toolbar.netcraft.com/site_report?url=http://www.rsa.com

    Hosting History
    Netblock Owner IP address OS Web Server Last changed
    RSA Security Inc. 174 Middlesex Turnpike Bedford MA US 01730 216.162.240.32 Windows Server 2003 Microsoft-IIS/6.0 5-Sep-2011
    RSA Security Inc. 174 Middlesex Turnpike Bedford MA US 01730 216.162.240.32 Windows Server 2003 Microsoft-IIS/6.0 25-Jul-2011
    RSA Security Inc. 174 Middlesex Turnpike Bedford MA US 01730 216.162.240.32 Windows Server 2003 Microsoft-IIS/6.0 31-May-2011
    RSA Security Inc. 174 Middlesex Turnpike Bedford MA US 01730 216.162.240.32 Windows Server 2003 Microsoft-IIS/6.0 21-Apr-2011
    RSA Security Inc. 174 Middlesex Turnpike Bedford MA US 01730 216.162.240.32 Windows Server 2003 Microsoft-IIS/6.0 20-Mar-2011
    RSA Security Inc. 174 Middlesex Turnpike Bedford MA US 01730 216.162.240.32 unknown Microsoft-IIS/6.0 19-Mar-2011
    RSA Security Inc. 174 Middlesex Turnpike Bedford MA US 01730 216.162.240.32 Windows Server 2003 Microsoft-IIS/6.0 18-Mar-2011
    RSA Security Inc. 174 Middlesex Turnpike Bedford MA US 01730 216.162.240.32 Windows Server 2003 Microsoft-IIS/6.0 4-Sep-2010
    RSA Security Inc. 174 Middlesex Turnpike Bedford MA US 01730 216.162.240.32 Windows Server 2003 Microsoft-IIS/6.0 23-Mar-2010
    RSA Security Inc. 174 Middlesex Turnpike Bedford MA US 01730 216.162.240.32 Windows Server 2003 Microsoft-IIS/6.0 21-Mar-2010

  35. RSA Blames Nation State For Cyber Attack by Anonymous Coward · · Score: 0

    It's not an RSA issue. It's a Two factor issue.

    Two factor has well known / inherent weaknesses.

    Here is what 2 factor has going for it: it's simple, dirt cheap, and works most of the time.

  36. RSA got 0wn3d by a spreadsheet. by sl4shd0rk · · Score: 1

    This wasn't stuxnet. It was Excel.

    http://www.f-secure.com/weblog/archives/00002226.html

    --
    Join the Slashcott! Feb 10 thru Feb 17!

  37. Re:Awww, a security firm got hacked? by GameboyRMH · · Score: 1

    Check this out:

    'we're very confident that with the skill, sophistication and resources involved it could only have been a nation state.'

    Now look at this:

    http://www.h-online.com/security/news/item/RSA-break-in-it-was-the-Flash-Player-s-fault-1221057.html

    RSA said that two variants of infected emails with an attachment called "2011 Recruitment plan.xls" were sent to a group of RSA employees over two days. Apparently, one of the targeted employees retrieved the email from a spam folder and opened it. The intruders used the exploit to install the widely known and freely available Poison Ivy "remote administration tool". The tool allowed the attackers to spy on the user's server access credentials, log into the server and escalate their access privileges (via further vulnerabilities). This gradually allowed them to work their way into the systems that interested them.

    There, they harvested data and copied it to other servers on the internal network, where they combined, compressed and encrypted the information before transferring it to an external FTP server.

    OH NOES SUCH UBER-L33T TACTICS! IT MUST BE TEH CHINESE CYBER-MARINES!

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel

  38. FACTS by optymizer · · Score: 1

    Generic statements are going to be generic. I've read a few in the past few days:

    "it's a nation state, we're not going to tell you which" (or you're just bullshitting)
    "the public is going to be amazed when they find out the secret interpretation of the amendment. It's so horrible. I know what the secret interpretation is, but when you find out, you will be in awe." (FUD)
    "we killed Osama, but didn't take any pictures and dumped the body in the ocean" (ORLY?)

    I shouldn't be surprised though, given the number of people that believe there's an invisible man in the sky. Compared to that, the statements above seem like facts.

  39. Or, Microsoft, or Oracle... by Anonymous Coward · · Score: 0

    Not that they're incentivized to do this, but Microsoft or any of the Silicon Valley tech powerhouses could engineer a complex and sophisticated attack on the level of Stuxnet. It doesn't have to be a nation-state.