Wired has published an in-depth feature on the 2011 hack of security company RSA, in which hackers stole the so-called “crown jewels of cybersecurity,” the secret keys forming a “crucial ingredient” of its SecurID two-factor authentication devices. It would go on to “redefine the cybersecurity landscape” with huge implications for not just RSA, but also the organizations that relied on its devices for their own security.
Wired’s Andy Greenberg describes the moment RSA analyst Todd Leetham discovered that hackers had accessed one of RSA’s most important pieces of data:
With a growing sense of dread, Leetham had finally traced the intruders’ footprints to their final targets: the secret keys known as “seeds,” a collection of numbers that represented a foundational layer of the security promises RSA made to its customers, including tens of millions of users in government and military agencies, defense contractors, banks, and countless corporations around the world.
One of the most interesting sections of the report describes how the hack affected the psychology of RSA’s employees, making them intensely paranoid. The company switched phone networks, started holding meetings in person, and shared documents on paper. The building was swept for bugs, and some office windows were covered in paper to prevent surveillance.
Paranoia was beginning to take hold in the company. The first night after the announcement, [RSA’s head of North American sales] remembers walking by a wiring closet and seeing an absurd number of people walking out of it, far more than he imagined could have ever fit. “Who are those people?” he asked another nearby executive. “That’s the government,” the executive responded vaguely.
The RSA hack was not only blamed for a subsequent hack of “at least one” US defense contractor, but it opened much of the world’s eyes to the danger of supply chain attacks. Rather than attacking a target directly, a supply chain attack sees hackers infiltrating one of their target’s suppliers to get behind their defenses, like what we saw with last year’s SolarWinds hack.
After 10 years of rampant state-sponsored hacking and supply chain hijacks, the RSA breach can now be seen as the herald of our current era of digital insecurity—and a lesson about how a determined adversary can undermine the things we trust most.
Wired’s feature is well worth a read.