In 2011, a hack rocked the security scene. Chinese hackers managed to gain access to RSA servers and distribute SecurID keys for two-factor authentication (2FA).
After 10 years, the non-disclosure agreement (NDA) to which the two parties are subject is now over. So Andy Greenberg published an article with the information he has.
In 2011, it became known that unknown individuals were able to infiltrate RSA servers and steal data. RSA sells cryptographic solutions based on the manufacturer's SecurID.
RSA SecurID, formerly referred to as SecurID, is a mechanism developed by RSA (a subsidiary of Dell Technologies) to perform two-factor authentication for a user. The RSA SecurID authentication mechanism consists of a “token” – either hardware (e.g. a key fob) or software (soft token) – that is assigned to a user and that generates an authentication code at fixed intervals (typically 60 seconds) using a built-in clock and the card's factory-coded random key (known as a “seed”). The seed is different for each token and is uploaded to the corresponding RSA SecurID server (RSA Authentication Manager, formerly ACE/Server & Hosting). On-demand tokens are also available, which deliver a password via email or SMS.
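The seed-plus-clock mechanism described above can be sketched as follows. This is an added example, not code from the original article or from RSA: it does not reproduce SecurID's own algorithm but uses the public TOTP construction (RFC 6238 over the RFC 4226 truncation) as a stand-in, with a constructed sample seed and timestamps. It shows that the server verifies a code only by recomputing it from its copy of the seed, so any other copy of the seed produces codes the server accepts.

```python
import hashlib
import hmac
import struct

INTERVAL = 60  # seconds per code, the typical interval mentioned above
DIGITS = 6

# Constructed sample seed (the published RFC 4226 test key), not a real token seed.
SAMPLE_SEED = b"12345678901234567890"


def code_at(seed: bytes, unix_time: int, interval: int = INTERVAL) -> str:
    """Token side: derive the code for the time step that contains unix_time."""
    counter = struct.pack(">Q", unix_time // interval)
    digest = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def server_accepts(seed: bytes, submitted: str, server_time: int,
                   drift_steps: int = 1) -> bool:
    """Server side: recompute from its own copy of the seed, allowing clock drift."""
    for step in range(-drift_steps, drift_steps + 1):
        t = server_time + step * INTERVAL
        if t < 0:
            continue
        if hmac.compare_digest(code_at(seed, t), submitted):
            return True
    return False


def seed_copy_passes(seed: bytes, now: int) -> bool:
    """Any copy of the seed yields a code the server cannot tell from the token's."""
    copied_seed = bytes(seed)
    return server_accepts(seed, code_at(copied_seed, now), now)


if __name__ == "__main__":
    now = 90  # constructed timestamp inside time step 1
    print("token code:", code_at(SAMPLE_SEED, now))
    print("accepted from seed copy:", seed_copy_passes(SAMPLE_SEED, now))
```

Nothing in the code check distinguishes the physical token from another holder of the seed, which is why the seed records on the server side are the secret the whole scheme rests on.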
There are several RSA SecurID solutions, such as the USB stick shown above. Various services, such as VPN servers, firewalls or OpenSSH, offer the ability to use SecurID for authentication. It was later revealed that the hackers had stolen seeds and possibly SecurID serial numbers issued by RSA.
In other words, the entire RSA SecurID infrastructure collapsed. In May 2011, the servers of the defense contractor Lockheed Martin were hacked. According to Wikipedia, several people associate the event with some supposed theft of RSA seeds.
RSA 10 years later
It is now 2021, 10 years later. Administrators have experienced the nightmare of attacks on SolarWinds Orion software and on vulnerabilities in Microsoft Exchange. In 2011, people were already looking into the abyss of security, and 10 years later no one seems to have learned.
In 2011, RSA was hacked by Chinese spies, who stole the "seed" values used to generate codes on SecurID 2fa tokens, shocking the security world. Now, after 10 years, the NDAs of the staff involved have expired. This is the untold story they shared with me: https://t.co/hRLfuDCFo1
— Andy Greenberg (@agreenberg at the other places) (@a_greenberg) May 20, 2021
Officials who handled the RSA incident in 2011 signed a non-disclosure agreement (NDA) with the company, which was valid for 10 years. This period has ended, and so officials are now allowed to speak publicly about the case.
Journalist Andy Greenberg, who made the revelations in the Snowden case, seems to have a lot of information from the group of people involved in the RSA hack. It appears that it was Chinese hackers who extracted seeds or data from RSA servers - and the whole issue ended up with Chinese military spies, who of course wanted access to the hack.
Greenberg has gathered a lot of details in a Wired article. If you open the article in incognito mode, you will be able to read it without being asked to sign up.