Information systems at the Department of Defense may be vulnerable to cyber attacks now that a company it relies on for password-protected networks was itself a victim of hackers.

 

RSA, maker of the widely sold SecurID authentication system that protects computer logins, had information stolen by an “extremely sophisticated” intrusion from outside the company. While the compromised data alone won’t allow hackers to breach other systems using SecurID, it could be used with other information to successfully attack networks that rely on RSA, like those of the Pentagon.

 

Joel Brenner, national counterintelligence executive during the Bush administration, was alarmed by the news. “It’s a flanking attack—not a direct attack to steal information—but an attack to steal the keys that unlock a lot of people’s information,” he told Stars and Stripes. “I don’t think the public understands yet how grave this attack is. It ranks up there with the worst we’ve seen.”

 

The Defense Department has not said what systems may be at risk.

-Noel Brinkerhoff

 

Cybersecurity Breach May Leave DOD Networks Exposed (by Chris Carroll, Stars and Stripes)

RSA Breach Did Not Enable a Specific Attack - Coviello (by Warwick Ashford, Computer Weekly)