Free Republic

Details about the recent cyber attacks against security firm RSA suggest the assailants may have been taunting the industry giant and the United States while they were stealing secrets from a company whose technology is used to secure many banks and government agencies. Earlier this month, RSA disclosed that “an extremely sophisticated cyber attack” targeting its business unit “resulted in certain information being extracted from RSA’s systems that relates to RSA’s SecurID two-factor authentication products.” The company was careful to caution that while data gleaned did not enable a successful direct attack on any of its SecurID customers, the information...

Sophisticated hackers broke into security company RSA's servers and stole data related to SecurID authentication tokens, the firm's head announced late Thursday. The tokens are used by an estimated 40 million employees of large corporations and organizations. They generate a seemingly random six-digit number every 30 or 60 seconds, which the employees type in to log into virtual private networks or other sensitive systems. The RSA cryptography algorithm, which uses a 128-bit "seed" unique to each token to generate the numbers, is virtually impossible to crack. An estimated 250 million smartphones use similar RSA software to verify identity. "Recently, our...

SAN FRANCISCO—Hackers from Iran are suspected of swiping authentication data from a US computer security firm in an attempt to impersonate popular Google or Yahoo! sites. "The incident got close to, but was not quite, an Internet-wide security meltdown," Electronic Frontier Foundation senior staff technologist Peter Eckersley said in a message posted at the group's website. Hackers using computers with addresses in Iran posed as a European affiliate of New Jersey-based Comodo on March 15 to get digital certificates allowing the creation of imitation Google, Yahoo!, Microsoft or Skype log-in pages. "The attacker was well prepared and knew in advance...

The US government is offering private intelligence companies contracts to create software to manage "fake people" on social media sites and create the illusion of consensus on controversial issues. The contract calls for the development of "Persona Management Software" which would help the user create and manage a variety of distinct fake profiles online. The job listing was discussed in recently leaked emails from the private security firm HBGary after an attack by internet activist last week.Click here to view the government contract (PDF)According to the contract, the software would "protect the identity of government agencies" by employing a number...

Rarely in the history of the cybersecurity industry has a company become so toxic so quickly as HBGary Federal. Over the last week, many of the firm’s closest partners and largest clients have cut ties with the Sacramento startup. And now it’s cancelled all public appearances by its executives at the industry’s biggest conference in the hopes of ducking a scandal that seems to grow daily as more of its questionable practices come to light. Last week, the hacker group Anonymous released more than 40,000 of HBGary Federal’s emails, followed by another 27,000 from its sister company, HBGary, over the...

The loose hacker collective Anonymous says it has taken revenge on a US security company whose principal claimed to have penetrated the group and identified some of its key people. They hacked the Twitter account of Aaron Barr, the chief executive of HBGary, and sent out a series of angry tweets while many Americans were watching the Super Bowl match on Sunday night, allegedly including Barr's social security number and address, and his mobile phone number.

Note: This is a SNIPPET only. Quote: GAO U.S. GOVERNMENT ACCOUNTABILITY OFFICE http://gao.gov/products/GAO-10-338 "Cybersecurity: Progress Made but Challenges Remain in Defining and Coordinating the Comprehensive National Initiative" GAO-10-338 March 5, 2010 SNIPPET: "Summary In response to the ongoing threats to federal systems and operations posed by cyber attacks, President Bush established the Comprehensive National Cybersecurity Initiative (CNCI) in 2008. This initiative consists of a set of projects aimed at reducing vulnerabilities, protecting against intrusions, and anticipating future threats. GAO was asked to determine (1) what actions have been taken to develop interagency mechanisms to plan and coordinate CNCI activities and...

US national security leaders and top cyber warriors from around the world are gathering here to plot defenses against criminals and spies that increasingly plague the Internet. Homeland Security Secretary Janet Napolitano and White House Cyber Security Coordinator Howard Schmidt will take part in this week's RSA conference along with computer defense companies and technology icons such as Apple co-founder Steve Wozniak and Craigslist creator Craig Newmark. "We have before us more data moving into the cloud and more sophisticated cyber criminals," said Qualys chief executive Philippe Courtot, who is among the keynote speakers at the premier event that kicks...