The secret of the Chinese RSA hack of 2011
In 2011, a hack shocked the security scene. Chinese hackers had managed to gain access to RSA's servers and extract the SecurID seed keys used for two-factor authentication (2FA).
Ten years later, the non-disclosure agreement (NDA) binding the people involved has expired, and Andy Greenberg has published an article with what they told him.
In 2011 it became known that unknown attackers had broken into RSA's servers and stolen data. RSA sells cryptographic products, including its SecurID tokens.
RSA SecurID, formerly known simply as SecurID, is a mechanism developed by RSA (a subsidiary of Dell Technologies) for two-factor authentication of a user. The RSA SecurID authentication mechanism consists of a "token", either hardware (e.g. a key fob) or software (a soft token), which is assigned to a user and generates an authentication code at a fixed interval (usually every 60 seconds) from a built-in clock and a random key programmed into the token at the factory (known as the "seed"). The seed is different for each token and a copy of it is loaded onto the corresponding RSA SecurID server (RSA Authentication Manager, formerly ACE/Server). On-demand tokens are also available, which deliver a one-time password by email or SMS.
There are several RSA SecurID products, such as the USB token shown above. Various services, such as VPN servers, firewalls or OpenSSH, can use SecurID for authentication. It was later revealed that the hackers had obtained the seeds and possibly the serial numbers of the SecurID tokens issued by RSA.
In other words, the security of the entire RSA SecurID infrastructure collapsed. In May 2011, Lockheed Martin's defense servers were compromised. According to Wikipedia, several sources link that incident to the theft of the RSA seeds.
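To make the role of the seed concrete, here is an added example that is not code from this page or from RSA. SecurID's real code-generation algorithm is proprietary, so the example uses standard RFC 6238 TOTP over HMAC-SHA1 as a stand-in, with the 60-second step the text describes; the serial number and seed record are constructed for the example. It shows why a copy of the server's seed records is equivalent to every token they describe.

```python
import hmac
import hashlib
import struct

# Constructed sample seed record, standing in for what the authentication
# server holds per token: serial number -> seed. Values are made up.
SEED_RECORDS = {
    "000123456789": bytes.fromhex("3132333435363738393031323334353637383930"),
}

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: truncate HMAC-SHA1(seed, counter) to a decimal code."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation
    word = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(word % (10 ** digits)).zfill(digits)

def totp(seed: bytes, unix_time: int, step: int = 60, digits: int = 6) -> str:
    """RFC 6238 TOTP: the counter is the number of elapsed time steps."""
    return hotp(seed, unix_time // step, digits)

def verify(serial: str, submitted: str, unix_time: int,
           step: int = 60, digits: int = 6, skew: int = 1) -> bool:
    """Server-side check: accept the code for the current step or +/- skew
    steps, to tolerate clock drift between token and server."""
    seed = SEED_RECORDS.get(serial)
    if seed is None:
        return False
    now = unix_time // step
    return any(hmac.compare_digest(hotp(seed, c, digits), submitted)
               for c in range(now - skew, now + skew + 1))

def seed_copy_is_equivalent(serial: str, unix_time: int) -> bool:
    """Whoever holds a copy of the seed record computes exactly the code the
    physical token displays, so a stolen seed database is as good as every
    token it describes; nothing on the wire tells the two apart."""
    seed_copy = SEED_RECORDS[serial]               # what a breach yields
    return verify(serial, totp(seed_copy, unix_time), unix_time)

if __name__ == "__main__":
    t = 1_300_000_000                              # a timestamp from 2011
    print("token shows:", totp(SEED_RECORDS["000123456789"], t))
    print("seed copy accepted:", seed_copy_is_equivalent("000123456789", t))
```

The constructed seed is the RFC 6238 reference key, so the functions can be checked against the RFC's published test vectors (30-second step, 8 digits).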
RSA 10 years later
Ten years have passed since then and we are now in 2021. Administrators have lived through the nightmare of the attacks on the SolarWinds Orion software and on vulnerabilities in Microsoft Exchange. In 2011 people were already staring into the security abyss, and ten years later nobody seems to have learned.
"In 2011, RSA was hacked by Chinese spies, who stole the "seed" values used to generate codes on SecurID 2fa tokens, shocking the security world. Now, after 10 years, the NDAs of the staff involved have expired. This is the untold story they shared with me: https://t.co/hRLfuDCFo1" - Andy Greenberg (@a_greenberg), May 20, 2021
The staff who handled the RSA incident in 2011 signed a non-disclosure agreement (NDA) with the company that was valid for 10 years. That period has ended, so they are now allowed to speak publicly about the case.
Journalist Andy Greenberg, who made the revelations in the Snowden case, appears to have a lot of information from the people involved in the RSA hack. It appears that Chinese hackers extracted the seeds and related data from RSA's servers, and that the trail led back to Chinese military spies, who of course were the ones who wanted that access.
Greenberg has gathered many details in a Wired article. If you open it in incognito mode you can read it without being asked to sign up.