After Lockheed Martin Hack, RSA to Replace SecurID Tokens

Hackers hit defense contractor Lockheed Martin using SecurID data stolen from RSA Security, and now the company's CEO is offering to replace user tokens.

RSA Security has offered to replace the SecurID tokens used by enterprises and government agencies to secure their networks after attackers attempted to hack a defense contractor's network in May.

Intruders managed to breach defense contractor Lockheed Martin's network in May when it bypassed RSA Security's SecurID technology, RSA Security Chairman Art Coviello acknowledged in a letter to customers on June 6. While Lockheed was hacked, no information was compromised, according to the Wall Street Journal.

Cyber-attackers initially compromised RSA Security with a phishing email exploiting a zero-day Adobe vulnerability, Coviello disclosed in March. The company declined to specify exactly what had been stolen but acknowledged it was "information relating to the SecurID technology."

"RSA clearly knew what was breached to begin with and what the implications were and they didn't do anything about it," Bobby Kuzma, president of Central Florida Technology Solutions, a security solutions provider, told eWEEK.

RSA should have replaced the tokens immediately, not waited until after three major defense contractors were attacked, Kuzma said. The company had a duty to its clients to disclose "any material defects in the solution," according to Kuzma.

This article was originally published on 06-08-2011
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.