[SystemSafety] The RSA Hack, Ten Years On
Peter Bernard Ladkin
ladkin at causalis.com
Sat May 22 10:54:54 CEST 2021
This is a fascinating article.
10 years ago, RSA was hacked by a Chinese state actor, which stole the seeds for RSA's two-factor
authentication system, SecureID.
10-year NDAs have expired, and some of those involved have talked to Wired's Andy Greenberg about
what happened.
https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told/
Summary: it is frightening.
SecureID is a token system. Each computer-system user has a fob, which displays 6-digit numbers
which change every 60 seconds or so. These are pseudo-random numbers. The generation algorithm for
the fob's numbers also sits on the computer-system, so when a user attempts to log in, and then put
in the fob number, the computer-system checks those numbers are the same.
RSA retained the seeds for the pseudo-random-number generation for its customers on a air-gapped
machine.
The machine on which the customer back-up SecureID seeds resided at RSA was air-gapped. Nominally.
In fact, there was one connection, to a machine that prepared the technology for customers.
Exploiters got in through that connection and apparently pulled the seeds.
It is not a small operation. There were 40m SecureID tokens in the field when the seed-steal was
perpetrated.
Thanks to Peter Neumann's Risks Forum Digest for the heads-up. Actually, worth more than that one
sentence - general thanks to Peter for his work over 36 years on the Digest. I've been an occasional
contributor since it was less than a year old. Peter himself is almost 90 (not a secret; it's on his
Wikipedia page).
PBL
Prof. Peter Bernard Ladkin, Bielefeld, Germany
ClaireTheWhiteRabbit RIP
Tel+msg +49 (0)521 880 7319 www.rvs-bi.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.techfak.uni-bielefeld.de/pipermail/systemsafety/attachments/20210522/cfc4c863/attachment.sig>
More information about the systemsafety
mailing list