IT Security Breach Study: Analysis of the RSA Security Breach
Added on 2019/09/23
AI Summary
This report provides an in-depth analysis of the 2011 RSA security breach, a significant incident in the realm of IT security. It begins with an abstract summarizing the event and its importance. The report justifies the choice of the RSA case, highlighting its impact on the security industry and the potential financial losses. It then delves into the reasons behind the breach, detailing the techniques used by attackers, including phishing emails and exploitation of software vulnerabilities. The report examines both the negative impacts, such as reputational damage and potential data exposure, and the positive impacts, such as the development of new security doctrines and improved security measures. Finally, the report discusses the remedies that emerged in the aftermath of the attack, including the implementation of zero-day patches and stronger security algorithms, and concludes by emphasizing the lessons learned and the importance of continuous improvement in cybersecurity. The report is a valuable resource for IT professionals and students interested in understanding and mitigating the risks associated with cyberattacks.

IT Security Breach Study
Name of the student

Table of Contents
Abstract
Justification for the Choice
The Reasons behind this historical breach
Impacts of the RSA hacking trail
    Negative Impacts
    Positive Impacts
Remedies emerged as an aftermath of the attack
Bibliography

Abstract
It might sound like a tale from the Arabian Nights, where a simple password can open the doors of a
treasure for you. It was a thing of fantasyland during the 18th century; however, things
have now changed. In his novel “Digital Fortress”, author Dan Brown wrote about a firewall
setting that has the power to rob the digital privacy of every single human being living in the
USA. (Brown, 2013)
What was described in these fictional stories has become the truth of present-day society.
Now, from your simple digital wallet to your company's secret customer data,
everything is a treasure, and hackers are all on the hunt to rob it from you. In the course of
this study, we will decipher some landmark cases that changed people's perspective on
the powers of a hacker. We will study these cases on technical and non-technical merits and
try to sum up a precaution plan to prevent these hacking crimes in future. Our point of focus is
the infamous RSA case. We selected this case because it became a cynosure of controversy when
various rival firms said that it was a complete disaster for RSA; however, RSA came out clean
by restating that their system survived major attacks, or that it was only a security
breach, not a data breach. (Stuarts, 2015)
Justification for the Choice
Here we focus mainly on the RSA security breach that took place in 2011. It can be
considered the mother of all security breaches. The core business of RSA is to provide
security to various businesses operating in the digital domain. If somebody can steal data from this
parent organization, then one can easily imagine that every other security system installed by this
company is always at the threshold of danger. It was an attack on the core business of
the company, and some dire consequences were on the cards. It is believed that $66 million was at
stake during this attack. (Ruan, 2014)
As a company, RSA is rated among the best in the world at providing computer and
internet security solutions. Quite surprisingly, this company fell to an expert job; it was not an
overnight theft done by a set of rookie burglars. It took the attackers weeks to first make an entry into
the systems, followed by a series of remote operations in which they stole the passwords of key
employees. After having all the necessary keys by their side, they systematically entered the
system of RSA, and then came the big theft that sent shock waves through the 40 million businesses
that were taking security solutions from RSA.
It is a comprehensive case of cold-minded hacking operations; this single incident changed the
definition of the world's most sophisticated defenses and forced them to succumb to
"advanced persistent threats" created with the help of a "high tech Zero-day attack" and "low tech
Social Engineering tools". It forced developers at antivirus vendors to burn the midnight oil
because a new threat had made an entry into the highest levels of security with ease. (Information
Week, 2011)
The Reasons behind this historical breach
After handling many cases of cyber hacking, most investigating agencies reached the
conclusion that hackers normally move in a team. This team comprises a serious and spirited
hacker along with a mind with a criminal bent. They often club together with insiders in order to
figure out where exactly the booty lies. In the case of RSA, it is believed that it was a
“crime of passion” from the point of view of a hacker. Some industry insiders were also involved
in it. The plan was very smooth: they were planning to make a slow entry into the system and
gradually steal the money, which was the sensitive data present on the system.
It is true that RSA converted this breach into an opportunity, but in hindsight, this
breach completely shook them because of the technical simplicity involved in the modus operandi.
The attacker followed some simple steps here.
1. He sent a phishing e-mail with the subject line “2011 Recruitment Plan” to a small
group of non-significant employees. The attacker waited for two good days.
2. Since it was sent to some soft targets, they opened the email, and thus malware made an
entry into the system of RSA. The Excel file attached to the mail was carrying it.
3. This malware exploited a hole in Adobe’s Flash software and made an entry into the
advanced settings of the main system.
4. This malware created a window of remote control for the hacker.
5. They tried to create aggression points in order to retrieve sensitive information from the
systems of RSA but failed in their initial attempts.
6. In the next step, the hacker started stealing the passwords of various employees.
7. After breaking through various layers, he finally reached a level where he was able to
access the sensitive data of RSA.
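One defensive check that follows from steps 1 to 3, as an added example that is not part of the original report: a mail-gateway triage routine that quarantines spreadsheet attachments containing embedded Flash (SWF) content. It assumes the Flash content travelled inside the Excel file; the function names, member path and sample files are constructed for illustration.

```python
import io
import struct
import zipfile
import zlib

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .xls/.doc container
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML (.xlsx/.docx) container
MAX_MEMBER = 32 * 1024 * 1024                    # do not inflate huge zip members


def find_swf_headers(data):
    """Return (offset, signature, version) for each plausible SWF header."""
    hits = []
    for sig in (b"FWS", b"CWS"):
        pos = data.find(sig)
        while pos != -1:
            hdr = data[pos:pos + 10]
            if len(hdr) == 10:
                version = hdr[3]
                declared = struct.unpack_from("<I", hdr, 4)[0]
                if sig == b"FWS":
                    # Uncompressed: declared length cannot exceed the container.
                    body_ok = declared <= len(data)
                else:
                    # Compressed: a valid zlib header follows the 8-byte SWF header.
                    body_ok = hdr[8] & 0x0F == 8 and ((hdr[8] << 8) | hdr[9]) % 31 == 0
                if 3 <= version <= 50 and declared > 8 and body_ok:
                    hits.append((pos, sig.decode(), version))
            pos = data.find(sig, pos + 1)
    return sorted(hits)


def triage_attachment(name, data):
    """Quarantine Office attachments that carry embedded Flash content."""
    findings = []
    if data.startswith(OLE2_MAGIC):
        # Raw scan; a stream fragmented across sectors may need a real OLE parser.
        findings = [("<ole2>",) + h for h in find_swf_headers(data)]
    elif data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.file_size <= MAX_MEMBER:
                        member = zf.read(info)
                        findings += [(info.filename,) + h for h in find_swf_headers(member)]
        except zipfile.BadZipFile:
            return {"attachment": name, "verdict": "quarantine", "findings": [("<corrupt zip>",)]}
    verdict = "quarantine" if findings else "deliver"
    return {"attachment": name, "verdict": verdict, "findings": findings}


def constructed_samples():
    """Build three synthetic attachments (constructed, not real incident files)."""
    swf = b"FWS" + bytes([10]) + struct.pack("<I", 64) + b"\x00" * 56
    flagged_xls = OLE2_MAGIC + b"\x00" * 504 + swf
    benign_xls = OLE2_MAGIC + b"\x00" * 504 + b"FWS report draft" + b"\x00" * 64
    cws = b"CWS" + bytes([10]) + struct.pack("<I", 48) + zlib.compress(b"\x00" * 40)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("xl/embeddings/oleObject1.bin", cws)
    return {"flagged.xls": flagged_xls, "benign.xls": benign_xls, "flagged.xlsx": buf.getvalue()}


if __name__ == "__main__":
    for fname, blob in constructed_samples().items():
        print(triage_attachment(fname, blob))
```

The benign sample contains the letters "FWS" as ordinary text and is delivered, because the bytes that follow do not form a plausible SWF length field.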
The hackers made a simple entry with the help of a hole that was present in Adobe's software.
It took them many days to do so. Quite surprisingly, none of the security servers in the system
detected the presence of a new remote user. What we have described so far are the first two steps
of the security breach; the third and most crucial step of this hacking crime was the point at which
the hackers tried to bring RSA files out of its archive. This third step was crucial; however, most
people believe that they met with failure here. (Sean Bodmer, 2012)
They played very safely; they were receiving these files on hacked machines and trying to
complicate the route so that their digital footprints would be hard to trace. They failed to bring the files
out of the systems of RSA; however, at the same time they succeeded in their attempt to hide
their digital footprints. According to sources in the RSA forensic department, the hackers used some
web addresses from China in order to hack the system.
This is a void piece of information from the point of view of cyber forensic
studies. Forensic investigators are capable of resolving some complicated crimes; however,
this time, it was hard luck for them.
Impacts of the RSA hacking trail
Negative Impacts
More than 40 million accounts came under the scanner of vulnerability after the successful
execution of this attack. We opted for this particular case because it allows us to explore various
other loopholes in numerous types of security systems. The stock of RSA saw an immediate
sharp decline. It was a big jolt to the reputation of the company because RSA is primarily
known for providing security services. Further, this attack also embroiled them in a big controversy
because some unconfirmed sources claimed that hackers successfully stole the files and now they
will use them directly for phishing purposes. This controversy died down with the passage of
time, but the damage was already done. (Information Week, 2011)
Positive Impacts
This attack is also important because RSA immediately turned it into an opportunity and
changed course to come up with a new defense doctrine. This defense doctrine later
worked as the stepping-stone for the higher leagues of internet security solutions. This
turnaround of events, first at the level of the crime and secondly at the level of its ramifications,
makes it a landmark case by all possible standards and commands a deeper study of the events
from the point of view of an IT aspirant dealing with these conditions.
Adobe reviewed its security regimes all over again and we saw the rollback of previous versions.
RSA offered replacement tokens to all its vendors and customers, and this time these tokens
were carrying stronger algorithms. (Ruan, 2014)
Remedies emerged as an aftermath of the attack
The anatomy of the attack on the RSA files remains under scrutiny because the company never
acknowledged certain acts. However, this attack in 2011 emerged as a warning sign for many other
companies and, as we mentioned earlier, it took the game to a new level altogether.
Later on, companies started focusing more on the aggression points. These were the entry points
where hackers tried to figure out an exit route for the sensitive files of the RSA data bank. The Adobe
Flash vulnerability (CVE-2011-0609) found a solution in the form of zero-day patches. This
patch made it leak-proof software once again. This attack also changed the perspective on the
lower levels of security, where some insignificant connections were allotted to people. It was a
breach from that side of the fence. RSA started working in this direction. After this landmark
incident, the cyber world reported five major attacks under the names of Google, Sony, Epsilon, PBS
and official systems of the Australian government. However, RSA came out as a formidable
force after this attack and remained unperturbed in all the given conditions. (Information Week,
2011)
Bibliography
Brown, D. (2013). The Digital Fortress.
Ruan, X. (2014). Platform Embedded Security Technology Revealed.
Sean Bodmer, D. K. (2012). Reverse Deception: Organized Cyber Threat Counter-Exploitation.
Stuarts, J. (2015). Engineering Information Security: The Application of Systems Engineering ...
Information Week. (2011, 07 28). www.informationweek.com. Retrieved from http://www.darkreading.com/attacks-and-breaches/rsa-securid-breach-cost-$66-million/d/d-id/1099232?





