Tuesday, June 25, 2024

Go read this feature on the 2011 RSA hack that redefined cybersecurity


Wired published a deep feature about the 2011 hack of security company RSA, in which hackers stole the so-called “crown jewels of cybersecurity”: the secret keys forming a “decisive ingredient” of its SecurID two-factor authentication devices. The hack would go on to “redefine the cybersecurity landscape”, with huge implications not only for RSA but also for the organizations that relied on its devices for their own security.

Wired's Andy Greenberg describes the moment RSA analyst Todd Leetham discovered that hackers had accessed some of RSA’s most important data:

With growing fear, Leetham finally tracked the intruders’ footprints to their ultimate goals: the secret keys called “seeds,” a collection of numbers that represented a basic layer of the security promises RSA made to its customers, including dozens of millions of users in government and military agencies, defense contractors, banks and countless companies around the world.

One of the most interesting sections of the report describes how the hack affected the psychology of RSA employees, making them intensely paranoid. The company switched telephone networks, held meetings in person and shared documents on paper. The building was swept for bugs, and some office windows were covered with paper to prevent surveillance.

Paranoia began to take hold in the company. The first night after the announcement, [RSA’s head of North American sales] remembers walking next to a wire closet and seeing an absurd number of people come out of it, far more than he imagined it could fit. “Who are those people?” he asked another close executive. “That’s the government,” the executive replied vaguely.

The RSA hack was not only blamed for a subsequent hack of “at least one” U.S. defense contractor, but it also opened many of the world’s eyes to the danger of supply chain attacks. Instead of attacking a target directly, a supply chain attack sees hackers infiltrate one of their target’s providers to get behind its defenses, as we saw with last year’s SolarWinds hack.

After 10 years of rampant state-sponsored hacking and supply chain hijacking, the RSA break can now be seen as the herald of our current era of digital insecurity – and a lesson in how a determined adversary can undermine the things we most trust.

Wired's feature is well worth a read.

