Last I heard it wasnt yet cracked , but moderate progress was made. This was like 3 days ago. My guess is this work is in response to the information that was lost.

Let’s assume that the seed values were compromised. On their own, and with only information available at RSA, they cannot be tied to an individual user. However, that’s not the only resource a good hacking organization has.

Trojan horses record all keystrokes on specific machines, and are designed to capture usernames, passwords, and other credentials. This, I think I can safely say, would include previous one time passwords and a near precise time they were entered. I would think a hacking organization savvy enough to pull off a directed attack like RSA would also have the resources for the more statistical mass market type attacks as well, and would already have this dataset available.

Using cloud technology, the RSA algorithms, and the seed value, an attacker could generate previous OTPs for each token. This could even be done intelligently, by only generating them for the specific times shown in the Trojan data. That attacker could then match the captured trojan OTPs and the calculated RSA OTPs, and suddenly you have a set of personal information associated with specific tokens.

Ouch, now the mapping between the RSA seed data and a unique user exists. Nifty huh?

This is not a issue – move along, move along.

Probably, the customer name, token IDs, and seed numbers were taken. RSA don’t have much else worth stealing – the algorythm is well known, and open-source code generators are available, just plug in the seed value and the current date/time and you get the right code.

However to use this information you need to know:
The seed value for a token. (stolen)
The username associated with a token (not known by RSA, so not stolen).
The IP address/service that can use that username/token. (not known to RSA, not stolen)
The secret PIN. (not known to RSA, not stolen)

If you get the PIN wrong a few times (5?) the token is disabled. If you get the code wrong a few times (15?) the username is disabled.

So brute-forcing the PIN isn’t an option even if you knew who had what token….

…like I said, move along, move along.

The real issue here is exactly how complex and persistent the attack was to steal this information – would your company be safe against exactly the same attack?

Answer in 99.99% of cases: no :-(

Dom

You mean comprOmised?

Title is misleading.

This news is old, I was expecting this to be an article containing an actual exploit. Very disappointing.

RSA has not admitted to a failure in their two-factor authentication system. Unfortunately, RSA has not confirmed that the system has NOT been compromised, either.

RSA’s handling of this makes me wish my employer would switch to a new system that’s more open. I don’t want to go months, weeks, or even days without knowing that the servers we protect with RSA’s two-factor system are secure. RSA needs to be more forthcoming or admit that they just don’t know. Right now, it just sounds like they’re trying to hide the extent of the damage, which does not do much for my confidence in the security of their system.

Doesn’t the Blizzard World of Warcraft Authenticators use this same technology?

i wonder, was this attempt made as a proof of concept, an attempt to access bank accounts or an attempt for blizzard accounts.

I have to agree with dom, but he forgot to mention one thing: This could have been a targetted attack, which means the attacker knew what he/she was after and they got what they wanted. Perhaps they had the PIN, username and IP all they needed was the token seed file so they could generate legitimate keys.

Who says this was not planned by some – - government or large organization. The point is RSA activID is compromised. Anyway the picture you are showing is of an old end of life token. Nowadays they have a keypad on which you enter a pin. This generates the secret for you.

I use one of these everyday to login for work.. The LCD display shows a number that you tack onto your password that changes every few seconds.. If the time on your PC is off or you take a second too long to type your password it’s invalid and you have to try again.. RSA would have no idea what my ID or password would be let alone what the number on my fob is..especially at any given time since those servers are within my company.

A microsoft product’s failure (Excel macro) unleashes a floodgate of attacks. sigh…

@joe

Ask your RSA admin to ‘resync’ your token, and that should allow a code in front/behind to still be accepted. The RSA server should automagically sync when you use a too old/new a code, but I’ve seen this problem, so it doesn’t always work – especially if the server clock drifts a bit, e.g. isn’t using NTP to sync with reality. (token clocks drift too, but nowt you can do about that except resync).

Dom

“[Assuming the attacker doesn't know who each secret key is assigned to, then the key doesn't have much value]…” I’m not really convinced.

While the attacker would be unable to simply select a key and a username and login as someone else, let’s assume the attacker is intelligent. What if the attacker managed to establish a man-in-the-middle attack between some user and the system being attacked (certainly not an unthinkable scenario). The attacker manages to retrieve a username, password, and one time key; exactly the sort of scenario that this system is designed to protect against. Because the attacker is in the middle he can probably cause the server to reject the first login attempt, by injecting invalid data, forcing the user to enter in another temporary key: now the attacker has two sequential keys, a username, and a password.

Normally here is where we would be stuck, the attacker may be able to log in to the system once but that’s it; due to the nature of cryptography going backward is essentially impossible. The only option would be to brute force the secret key in order to find one that would produce these two sequential temporary keys and this would take an unimaginable amount of time. But now the attacker has another piece of the puzzle, a list of potential secret keys (possibly, we don’t know the entire picture). With this the attacker can now reduce the number of attempted secret keys by a hugely significant number, sort of like performing a dictionary attack, and while matching the secret key to the temporary keys may still be computationally difficult it would become much more feasible.

The problem is that the more information you give an attacker the easier you make their job, and it’s not always obvious how some piece of information could compromise a system. If it was this easy then security wouldn’t be an issue.

Wow, only 2 or 3 weeks late on reporting this one. FAIL

If keys can be created now by hacker who knows 2 keys or token id is there any adventure over free ssh?

What if they got the list of the largest mean numbers that are used to protect the smartcards used in the satellite systems. Makes you wonder how much more they got that wasn’t let out.