The RSA/Lockheed breach is very serious. Many security professionals thought the RSA authentication protocol using the SecurID token was bulletproof.
SecurID tokens have become a fixture of office life at thousands of corporations, used when employees log onto computers or sensitive software systems. The token is an essential piece of security, acting as an ever-changing password that flashes a series of six digits that should be virtually impossible to duplicate.
(…) In March EMC disclosed it had been hit by a sophisticated cyberattack on its SecurID products. It advised customers to beef up their own security, such as making sure no rogue programs had been installed on servers running RSA software. It also suggested users increase the length of employee “PIN” numbers used in tandem with the digits spit out by the RSA token.
As the company did a forensic analysis of the attack, it began to suspect the attacker was focused on defense contractors based on the sophistication of the attack and the profile of the hacker.
“Their modus operandi led us to believe this perpetrator was likely to attack defense secrets and related intellectual property,” Mr. Coviello said, of the intruders. The Lockheed infiltration received high-level attention in Washington, including from President Barack Obama, who was briefed on the incident.