[SystemSafety] The RSA Hack, Ten Years On

Peter Bernard Ladkin ladkin at causalis.com
Sat May 22 10:54:54 CEST 2021


This is a fascinating article.

10 years ago, RSA was hacked by a Chinese state actor, which stole the seeds for RSA's two-factor 
authentication system, SecureID.

10-year NDAs have expired, and some of those involved have talked to Wired's Andy Greenberg about 
what happened.

https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told/

Summary: it is frightening.

SecureID is a token system. Each computer-system user has a fob, which displays 6-digit numbers 
which change every 60 seconds or so. These are pseudo-random numbers. The generation algorithm for 
the fob's numbers also sits on the computer-system, so when a user attempts to log in, and then put 
in the fob number, the computer-system checks those numbers are the same.

RSA retained the seeds for the pseudo-random-number generation for its customers on a air-gapped 
machine.

The machine on which the customer back-up SecureID seeds resided at RSA was air-gapped. Nominally. 
In fact, there was one connection, to a machine that prepared the technology for customers. 
Exploiters got in through that connection and apparently pulled the seeds.

It is not a small operation. There were 40m SecureID tokens in the field when the seed-steal was 
perpetrated.

Thanks to Peter Neumann's Risks Forum Digest for the heads-up. Actually, worth more than that one 
sentence - general thanks to Peter for his work over 36 years on the Digest. I've been an occasional 
contributor since it was less than a year old. Peter himself is almost 90 (not a secret; it's on his 
Wikipedia page).

PBL

Prof. Peter Bernard Ladkin, Bielefeld, Germany
ClaireTheWhiteRabbit RIP
Tel+msg +49 (0)521 880 7319  www.rvs-bi.de





-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.techfak.uni-bielefeld.de/pipermail/systemsafety/attachments/20210522/cfc4c863/attachment.sig>


More information about the systemsafety mailing list