Riveting report by Andy Greenberg for Wired:
In the decade that followed, many key RSA executives involved in
the company’s breach have held their silence, bound by 10-year
nondisclosure agreements. Now those agreements have expired,
allowing them to tell me their stories in new detail. Their
accounts capture the experience of being targeted by sophisticated
state hackers who patiently and persistently take on their most
high-value networked targets on a global scale, where an adversary
sometimes understands the interdependencies of its victims’
systems better than victims do themselves, and is willing to
exploit those hidden relationships.
The perpetrators: Chinese hackers. The attack vector that got them in the door: well, given that it was 2011, you will not be surprised.
(The opening anecdote has a somewhat Mission Impossible-y feel to it that doesn’t ring true to my ears — that the hackers moved the archive with the pilfered encryption seeds mere seconds before an RSA analyst attempted to remotely delete them. For one thing, it implies there was any hint that the archive RSA found was the only copy of the data. So take that anecdote with a Tom Cruise-size grain of salt. It’s a good inside look nonetheless.)
Sunday, 30 May 2021