The RSA breach was carried out using an advanced persistent threat (APT), and China is known for using the APT attack method, Rich Mogull, chief executive of Securosis, told CNet.
"APT is a euphemism for China. There is a massive espionage campaign being waged by [that] country. It's been going on for years, and it's going to continue", Mogull said.
The security breaches at Lockheed Martin and L-3 Communications, and now reportedly at Northrop Grumman, appear to have resulted from the information taken from RSA, according to Chris Wysopal, chief technology officer at Veracode. "I think [the attacks on the contractors] are completely related" to the RSA intrusion, Wysopal told CNet.
Lockheed Martin admitted to the New York Times that the hackers that gained access to its network used data stolen from RSA. And RSA officials said that they were working with customers to offset the risk created by its data breach.
In April, L-3 told employees that it was the target of a cyberattack using information from the RSA breach, according to Wired. And just last week, FoxNews.com reported that Northrop Grumman had to shut down remote access for its employees, suggesting that a breach of the SecurID tokens was the reason for the shutdown.
While speculation that China was behind all of these attacks is just that – speculation – it would fit in with the Chinese government’s posture that cyberspace is a competitive battleground with the US government, according to Rafal Rohozinski, a principal at SecDev who did research on targeted attacks on Tibet.
"China has made no secret that they see cyberspace as the domain that allows them to compete with the US", Rohozinski told CNet.
07 June 2011
Having token data is half of what cybercriminals needed to gain entry. Login/password data is the second half of the equation. You can still protect your organization by ensuring keystroke loggers are not introduced on a user's computer. Application whitelisting ensures only trusted software is allowed to run ... a must-have when you're left holding "broken tokens".