- Argentina beats Dutch in shootout to reach World Cup final
- Tanard Jackson suspended indefinitely by NFL — again
- FAA investigating fireworks drone flights
- Pentagon: We’ll give Obama a drone strike with al-Baghdadi’s name on it
- Marine in Mexican custody to get day in court after 101 days
- Senate OKs San Antonio mayor as housing secretary
- NFL star likely fooled by Marine impostor who accepted first-class plane ticket
- Sen. Ted Cruz tweets Obama directions from fundraisers to border towns
- Israel hits key Hamas targets in Gaza offensive
- Ten-year sentence for New Orleans’ Nagin on graft charges
EMC’s anti-hacking division hacked
Question of the Day
SAN FRANCISCO (AP) - The world's biggest maker of data storage computers on Thursday said that its security division has been hacked, and that the intruders compromised a widely used technology for preventing computer break-ins.
The breach is an embarrassment for EMC Corp., also a premier security vendor, and potentially threatens highly sensitive computer systems.
The incident is a rare public acknowledgement by a security company that its internal anti-hacking technologies have been hacked. It is especially troubling because the technology sold by EMC's security division, RSA, plays an important role in making sure unauthorized people aren't allowed to log into heavily guarded networks.
The scope of the attack wasn't immediately known, but the potential fallout could be widespread. RSA's customers include the military, governments, various banks and medical facilities and health insurance outfits. EMC, which is based Hopkinton, Mass., itself is an RSA customer.
EMC said in a filing with the Securities and Exchange Commission that RSA was the victim of what is known as an "advanced persistent threat," industry jargon for a sophisticated computer attack. The term is often associated with corporate espionage, nation-state attacks, or high-level cybercriminal gangs.
EMC didn't offer clues about the suspected origin of the attack. It said it recently discovered an "extremely sophisticated" attack in progress against its networks and discovered that the infiltrators had made off with confidential data on RSA's SecurID products. The technology underpins the ubiquitous RSA-branded keychain "dongles" and other products that blanket important computer networks with an additional layer of protection.
The products make it harder for someone to break into a computer even if a password is stolen, for example. The RSA device, working in concert with back-end software, generates an additional password that only the holder of the device would know. But if a criminal can figure out how those additional passwords are generated, the system is at risk.
RSA is one of the best-known names for this type of "two-factor authentication" technology.
RSA declined to comment on what type, or how much, information was stolen.
Richard Stiennon, a security analyst with the IT-Harvest firm, said there would be "tremendous repercussions" if the criminals were able to silently tap into critical systems using the stolen information.
"You'd never have a sign that you've been breached," he said.
In its SEC filing, RSA said that it is "confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers." However, it warned that "this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack."
"We have no evidence that customer security related to other RSA products has been similarly impacted," said the company's executive chairman, Art Coviello. "We are also confident that no other EMC products were impacted by this attack. It is important to note that we do not believe that either customer or employee personally identifiable information was compromised as a result of this incident."
The company said it is providing "immediate remediation steps" for customers. It didn't specify what those are. It outlined some generic security tips that offer clues about how its customers might be targeted with the information stolen from RSA, such as closely monitoring the use of social networking websites by people with access to critical networks and the need to educate employees on the danger of clicking on links or attachments in suspicious e-mails.
EMC said it doesn't expect the breach to have a meaningful impact on its financial results.
Its shares slipped 8 cents to $25.58 in extended trading Thursday. They ended the regular session up 25 cents at $25.56.
TWT Video Picks
By Ted Cruz
Banning speech with a constitutional amendment is playing with fire
- GOP: Lerner warned IRS employees to hide information from Congress
- GORDON: Russia plays its own game away from the World Cup
- ISTOOK: Flying illegals home would be 99.5 percent cheaper than Obamas plan
- White House plans for bowling alley upgrades abruptly canceled
- Obama requests $3.7 billion to fight surge of illegals
- Colorado man offers Obama a toke of marijuana a Rocky Mountain 'high'
- Islamic militants aim to take Baghdad airport
- Gun advocates credit new concealed carry laws for sharp drop in Chicago murder rate
- Power grab: EPA wants to garnish wages of polluters
- Malaysian MP not sorry for tweeting 'long live Hitler' after Germany win
Obama's biggest White House 'fails'
Celebrities turned politicians
Athletes turned actors
20 gadgets that changed the world
Fighting in Iraq
World Cup's sexiest WAGs
U.S.-Ghana World Cup opener