RSA Offers to Replace All SecurID Tokens Following Lockheed Martin Attack

RSA, the security division of EMC, has acknowledged that information stolen from its network was used to carry out a cyber attack against Lockheed Martin and offers to replace all of the 40 million SecurID hardware tokens in existence.

Back in March, RSA announced that attackers managed to penetrate its network and accessed information related to SecurID, its two-factor authentication solution.

The company provided little information about the incident and the extent of the breach, a decision that attracted strong criticism from the information security community.

"While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack," the company said at the time.

Since then, three large U.S. government contractors, namely Lockheed Martin, L-3 Communications and Northrop Grumman are believed to have been attacked using information stolen during the RSA breach.

Of these, only the Lockheed Martin one was publicly confirmed and attackers are said to have used cloned SecurID tokens to access the company's network.

Lockheed claims that its security team spotted and blocked the attack before any sensitive information was stolen, but the incident prompted a week-long remote network access ban and a change of SecurID tokens for all employees.

In a letter to customers sent yesterday, RSA acknowledged that intruders breached Lockheed Martin's security using information stolen from its systems. Furthermore, the company's chairman, Mr. Art Coviello, told the Wall Street Journal that as a precaution, the company will offer to replace the SecurID tokens for virtually every customer.

In addition, for certain customers, primarily those in the financial industry, RSA will provide transaction monitoring and other intrusion detection capabilities. Depending on their security requirements, some customers might not need to replace the tokens. "We believe and still believe that the customers are protected," Mr. Coviello said.