Wednesday, June 8, 2011

Hacker breaches the security of Australian Tax Office, Defence and Banks

The security of hundreds of thousands of security tokens (SecurID) used by Australian banks and their customers, the Defence Force and organisations such as the Tax Office to access computer systems is in doubt after a cyber attack.

RSA said yesterday it would reissue an unknown number of the estimated 40 million RSA SecurID fobs used worldwide. SecurID fobs are small, portable devices that generate a digital security code that changes every 60 seconds. They are most commonly used with a static PIN or password to access a computer system.

In March RSA customers were told the company had been the victim of "an extremely sophisticated cyber attack". But it was not until recently that full details were known. RSA's admission follows an attack on the defence contractor Lockheed Martin. The contractor said an attacker had tried to access its network using information about the fobs stolen from RSA in the March attack. But it had stopped the attacker stealing information.

Certain characteristics of the attack on RSA indicated the perpetrator's most likely motive was to obtain an element of security information that could be used to target defence secrets and related intellectual property.

David Kenny, the deputy secretary of the Department of Parliamentary Services, said the department had 1800 of the SecurID tokens used by staff and MPs. The department was arranging replacement.

The Department of Veterans' Affairs was considering RSA's offer to replace SecurID tokens at no cost. Westpac bank confirmed that it did not see an immediate need to replace its customer fobs as it had not been compromised. The Tax Office was arranging replacements.

The attack meant many organisations would see a need to beef up their security. To be successful an attacker would need certain information from the SecurID token, such as the username and PIN or password.

This can often be swiped by a user handling over their details in an email to a hacker pretending to be from the organisation that issued the fob. Without some of these details it would be difficult for a hacker to gain entry to a network.

Refer here for further details.

No comments: