Thursday, June 9, 2011


   A dreadful cyber attack has affected the security of hundreds of thousands of electronic key fobs used by Australian banks and their customers, the Defence Force and organisations such as the Tax Office to access computer systems.
RSA, the security division of the US data storage giant EMC, has clarified that it will reissue an unknown number of the estimated 40 million RSA SecurID key fobs used worldwide.
   SecurID key fobs are small, portable devices that generate a digital security code that changes every 60 seconds. They are most commonly used with a static PIN or password to access a computer system.
RSA SecurID tokens. Photo: Flickr/Bruno Cordioli
   In spite of earlier warnings that the company had been the victim of "an extremely sophisticated cyber attack", customers did not take the necessary precautions to prevent such an unfortunate incident from happening.

   RSA's admission follows an attack on the defence contractor Lockheed Martin, which revealed that an attacker had tried to access its network using information about the key fobs stolen from RSA in the earlier attack last March, but that it had stopped the attacker from stealing any information.

  "Certain characteristics of the attack on RSA indicated that the perpetrator's most likely motive was to obtain an element of security information that could be used to target defense secrets and related [intellectual property]," RSA said on its website.
The Department of Parliamentary Services had 1800 of the key fobs used by staff and MPs.

  The Department of Veterans' Affairs was considering RSA's offer to replace the key fobs at no cost. Westpac Bank said it did not see an immediate need to replace its customer key fobs as it had "not been compromised". The Tax Office was arranging replacements.

  The attack meant many organisations would see a need to beef up their security.
To be successful, an attacker would need certain information from the fob's user, such as the user name and PIN or password.

  These details can often be swiped when a user hands them over in an email to a hacker pretending to be from the organisation that issued the fob. Without some of these details it would be difficult for a hacker to gain entry to a network.
