A security researcher strongly believes, based on a close look at malware associated with the incident, that last spring's breach of RSA, the security division of EMC, in which sensitive information related to RSA SecurID tokens was stolen, can be traced back to an attack originating in China.
RSA's SecurID token users have recently been targeted with fake emails supposedly coming from the US National Security Agency urging them to update their token code.
The address from which the emails are sent has been spoofed and reads "email@example.com", but the malicious links in the message take the victim to the national-security-agency.com domain, which, according to Cyveillance, was registered only the day before the spam run started.
Symantec has begun to replace its global fleet of RSA SecurID tokens following its acquisition of VeriSign's Authentication Services last year.
The swap comes in the wake of the high-profile breach of RSA tokens in March, although the company said it already had planned to "eat its own cookie" and dump RSA for VeriSign's Public Key Infrastructure platform.
For any company that makes its living selling security, it's a nightmare come true. This week, RSA Security admitted that hackers who broke into its network three months ago had stolen information about its SecurID tokens and then used that information to attack a customer, Lockheed Martin.
Authentication failures are getting us owned. Our standard technology for auth, passwords, fails repeatedly — but their raw simplicity compared to competing solutions drives their continued use. SecurID is the most successful post-password technology, with over 40 million deployed devices. It achieved its success by emulating passwords as closely as possible. This involved generating key material at RSA’s factory, a necessary step that nonetheless created the circumstances that allowed a third-party compromise at RSA to affect customers like Lockheed Martin.