14 DAY TRIAL // After Brian Krebs recently posted the 760 organizations that were suspected of suffering security breaches performed with the same methods as the attack on RSA, companies quickly came forward denying the authenticity of the list.
The list contained a large number of Fortune 100 companies which were suspected of falling victims to the same tools utilized in the hit that targeted RSA. The security journalist claimed the information was shared with congressional staff, but the exact source remains unknown.
According to ZDNet, some of the firms from the list started replying to the findings, many of them rushing to deny the incident.
eBay was among the first to state that their systems were not compromised, also mentioning that they're in the process of asking Krebs to make the correction.
“We have not seen any evidence supporting the claim,” Jerry Bryant, group manager for response communications at Microsoft Trustworthy Computing, replied on behalf of the Redmond company.
Security providers such as Trend Micro and Team Cymru, which were also on the now infamous list, stated through the voice of their representatives that they deliberately infected some of their systems as part of the research that was done on the attack.
ISPs also mentioned that any potential infections probably targeted their account holders and not the companies itself.
To be fair, the journalist did mention that the ISPs and security solutions providers were not directly affected.
“A few caveats are in order here. First, many of the network owners listed are Internet service providers, and are likely included because some of their subscribers were hit,” he said on Monday.
“Finally, some of these organizations (there are several antivirus firms mentioned below) may be represented because they intentionally compromised internal systems in an effort to reverse engineer malware used in these attacks.”
Most of the involved organizations have a problem with the fact that he didn't supply a source or the methodology which was used to obtain the results. It's true that his article leaves a lot of room for debate but I highly doubt it that he willingly tried to cause panic.