After Lockheed Martin Hack, RSA to Replace SecurID Tokens
Modernizing Authentication — What It Takes to Transform Secure Access
RSA Security has offered to replace the SecurID tokens used by enterprises and government agencies to secure their networks after attackers attempted to hack a defense contractor's network in May.
Intruders managed to breach defense contractor Lockheed Martin's network in May when it bypassed RSA Security's SecurID technology, RSA Security Chairman Art Coviello acknowledged in a letter to customers on June 6. While Lockheed was hacked, no information was compromised, according to the Wall Street Journal.
Cyber-attackers initially compromised RSA Security with a phishing email exploiting a zero-day Adobe vulnerability, Coviello disclosed in March. The company declined to specify exactly what had been stolen but acknowledged it was "information relating to the SecurID technology."
"RSA clearly knew what was breached to begin with and what the implications were and they didn't do anything about it," Bobby Kuzma, president of Central Florida Technology Solutions, a security solutions provider, told eWEEK.
RSA should have replaced the tokens immediately, not waited until after three major defense contractors were attacked, Kuzma said. The company had a duty to its clients to disclose "any material defects in the solution," according to Kuzma.