RSA Data Breach Essay

RSA is the encryption and network security division of EMC, helping top organizations solve complex IT security challenges. RSA’s products and mission consist of a combination of business-critical controls, encryption, and tokenization to secure access to organizations’ IS infrastructure. The Security Division offers a wide range of two-factor authentication solutions to help organizations assure user identities and meet regulatory compliance requirements. The authentication keys come in a variety of forms, such as hardware and software authenticators that can be applied to a range of computer devices.
RSA SecurID Technology
SecurID is based on a password and a PIN, a double-layered access authentication principle. This technology is noted to be more reliable than ordinary user passwords. The cryptographic technology automatically changes passwords every 60 seconds. The top benefit of SecurID is that it helps positively identify users before they access critical confidential data systems. Each authenticator possesses a special symmetric key that is combined with an algorithm to create rapid one-time passwords (OTPs). The OTPs are stored in the Authentication Manager server for optimal security. OTPs are established and known to the user; the PIN acts as a back-up layer, which makes it extremely difficult for hackers to exploit. Because the layered technology shores up weaknesses in access control mechanisms, SecurID access keys are a worthwhile product.
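The mechanism described above, as an added example that is not RSA's code and does not reproduce SecurID's own algorithm: it substitutes an RFC 6238-style time-based OTP with a 60-second step to show how a token and a server derive the same code from a shared symmetric seed, with the PIN checked as the second layer. The `AuthServer` class, the six-digit code length, the PBKDF2 PIN hash, the one-step drift window and the server recomputing codes from the seed are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

STEP_SECONDS = 60  # the essay's 60-second code change interval
DIGITS = 6         # assumption: six-digit code


def token_code(seed: bytes, unix_time: int) -> str:
    """RFC 6238-style TOTP (HMAC-SHA1), a stand-in for the SecurID algorithm."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class AuthServer:
    """Hypothetical server holding each user's seed and a salted PIN hash."""

    def __init__(self) -> None:
        self.users = {}
        self.last_step = {}  # highest accepted time step per user (replay guard)

    @staticmethod
    def _pin_hash(pin: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def enroll(self, user: str, seed: bytes, pin: str) -> None:
        salt = os.urandom(16)
        self.users[user] = (seed, salt, self._pin_hash(pin, salt))

    def verify(self, user: str, pin: str, code: str, now: int, drift: int = 1) -> bool:
        if user not in self.users:
            return False
        seed, salt, pin_hash = self.users[user]
        pin_ok = hmac.compare_digest(self._pin_hash(pin, salt), pin_hash)
        current = now // STEP_SECONDS
        for step in range(max(0, current - drift), current + drift + 1):
            if step <= self.last_step.get(user, -1):
                continue  # this code (or a later one) was already accepted
            if hmac.compare_digest(token_code(seed, step * STEP_SECONDS), code):
                if pin_ok:
                    self.last_step[user] = step
                return pin_ok
        return False
```

Because the code is a pure function of the seed and the clock, the seed records are the secret the server side has to protect; if they are exposed, the PIN is the only remaining check.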
So What
Despite RSA’s specialization in IT security products for top organizations worldwide, on March 17, 2011 the company fell victim to a common cyber-attack, leaving clients’ and RSA’s IS infrastructures vulnerable to further exploits. Executive Chairman Art Coviello revealed that a spear-phishing attack compromised RSA’s network using simple, common tactics. Hackers found a vulnerability in RSA’s SecurID products by manipulating an employee’s email account. The “zero-day” exploit used an Excel spreadsheet coded with malware which corrupted an Adobe Flash file. The email-based attack exposed the company’s internal networks, giving hackers an opportunity to access confidential data from approximately 35,000 organizations. Attackers discovered information on RSA’s SecurID products, which are applied to PCs, USBs, phones, and key fobs (RSA). Coviello confirmed the attack did result in a data breach and that specific information was extracted from RSA’s systems (Coviello 2011). However, there was no evidence that SecurID clients’ confidential information was obtained, even though SecurID two-factor technology was directly attacked.
Having access to the internal networks and the SecurID source code can potentially give cyber criminals a small gateway to exploit users, but more probing would still be needed to completely break the seed record encryption created by RSA’s special...
