Is it just me, or is Internet security itself undergoing a hacker siege?
The virtual ink was still wet on my blog last week about Advanced Persistent Threats (APTs) when news broke that a sophisticated cyber-attack had been mounted against RSA Security Inc. (Nasdaq: EMC), an attack the well-known provider of security solutions describes as an APT.
To match this, we now hear of the hacking of security vendor Comodo, which led to nine SSL certificates being erroneously issued to the hackers for major sites including Google, Skype, Mozilla, Yahoo, and Windows Live. Using these phony certificates, a hacker could mimic the real websites and lure in users, since browsers would accept the impostor sites as genuine, secured sites.
These are just a couple of major examples of hackers causing further loss of trust in the devices most enterprises depend on for safe Internet transactions.
In the RSA case, the company (the Security Division of EMC) admitted that information was extracted relating to its flagship two-factor authentication solution known as SecurID.
The Comodo incident is more worrisome, as it undermines enterprises’ trust in HTTPS and certificate authorities (CAs).
In both the RSA and the Comodo cases, the security companies have been, not surprisingly, quick to reassure their enterprise customers.
RSA has publicly claimed that the hack would not allow a “direct attack” on SecurID tokens, while at the same time not actually denying that seed codes used in the synchronization process of the tokens had been stolen. In the wrong hands, these could be used to create fake tokens, opening the possibility of further attacks against targeted networks.
Likewise, Comodo, quick with its reassurance to enterprises and the general public, stressed how quickly the certificates were revoked.
But to see just how potentially serious this hack was, consider that most major browser suppliers, including Microsoft, Google, and Firefox, were obliged to release browser updates overnight solely to protect against the fake Comodo certificates.
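As an added illustration of what those overnight browser updates accomplished, here is example Go code that is not from the original column and not the browsers' or Comodo's own code. It performs normal X.509 chain validation and then rejects any certificate whose SHA-256 fingerprint appears on a blocklist, whether or not the issuing CA has revoked it. The throwaway CA, the hostname login.example.com and the blocklist entry are all constructed in memory for the demonstration; the fingerprints of the nine mis-issued certificates are not on this page and are not reproduced here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ErrBlocklisted: the chain contains an explicitly distrusted certificate.
var ErrBlocklisted = errors.New("certificate is blocklisted")

// Fingerprint is the lowercase hex SHA-256 of the DER encoding, the key a blocklist entry uses.
func Fingerprint(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.Raw)
	return hex.EncodeToString(sum[:])
}

// VerifyWithBlocklist does ordinary chain validation (trusted root, validity period,
// hostname) and then rejects the chain if any certificate in it is blocklisted. The
// second step models the emergency browser updates: distrust specific certificates
// even though they chain to a trusted CA.
func VerifyWithBlocklist(leaf *x509.Certificate, roots *x509.CertPool, host string, blocked map[string]bool) error {
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	if err != nil {
		return err
	}
	for _, chain := range chains {
		for _, c := range chain {
			if fp := Fingerprint(c); blocked[fp] {
				return fmt.Errorf("%w: %q (%s...)", ErrBlocklisted, c.Subject.CommonName, fp[:16])
			}
		}
	}
	return nil
}

// MakeTestPKI builds a throwaway CA plus a server certificate for host signed by it.
// Constructed in memory for this demonstration only: not a real CA, placeholder hostname.
func MakeTestPKI(host string) (ca, leaf *x509.Certificate, roots *x509.CertPool, err error) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Constructed Test CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return
	}
	if ca, err = x509.ParseCertificate(caDER); err != nil {
		return
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return
	}
	if leaf, err = x509.ParseCertificate(leafDER); err != nil {
		return
	}
	roots = x509.NewCertPool()
	roots.AddCert(ca)
	return
}

func main() {
	const host = "login.example.com"
	ca, leaf, roots, err := MakeTestPKI(host)
	if err != nil {
		panic(err)
	}
	blocked := map[string]bool{}
	// Chains to a trusted CA, so plain validation accepts it (prints <nil>)...
	fmt.Printf("issued by %q: %v\n", ca.Subject.CommonName, VerifyWithBlocklist(leaf, roots, host, blocked))
	// ...until its fingerprint arrives in a blocklist update (prints the ErrBlocklisted error).
	blocked[Fingerprint(leaf)] = true
	fmt.Println("after blocklist update:", VerifyWithBlocklist(leaf, roots, host, blocked))
}
```

The second check is the lesson of the Comodo episode: revocation through CRLs or OCSP only works if the client fetches and honours the revocation data, so the browser vendors shipped the bad certificates' identifiers directly in an update. A client that trusts the CA but consults no blocklist accepts a mis-issued certificate exactly as readily as a legitimate one, and a hostname check is no help when the certificate was issued for the very name being impersonated.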
It should be added that because the use of one of the hacked Comodo certificates came via an Iranian IP address, the press has headlined this as obviously an attack from Iran. This is nonsense, since the Iranian IP address is a Tor node used for anonymous proxying. Neither Comodo nor anyone else has the faintest clue as to the real origin of the hackers.
Meanwhile, it is ironic that RSA promotes its SecurID product as the Gold Standard in two-factor user authentication. RSA claims excellence in each of six categories for the authentication, with Strength of Security topping the list.
But RSA’s security process of two-factor authentication, which once was believed to be virtually unbreakable, should now be considered hackable. Just as worrisome, if the security division of an organization that advises the rest of us on how better to protect ourselves against hackers becomes the successful target of an attack, then there really seems little hope for us poor mortals.
Recently, as a plug for RSA to become the core one-stop-shop for enterprise security, Bret Hartman, chief technology officer at RSA, said:
“To manage security at the speed and scale of the cloud and to deal with unpredictable adaptive threats such as APTs, organizations need to build upon the capabilities of today’s SOCs [security operations centers] evolving their security operations to effectively manage these new threats.”
Even more of an irony: Comodo’s HackerProof product for enterprises is promoted as ensuring "that the website is on the bleeding edge of security and one step ahead of hackers. No other trustmark provides the robust features and value of Comodo's HackerProof."
Overall, recent events clearly demonstrate that despite all the current emphasis on encryption and secure devices for enterprises on the Internet, hackers still have the upper hand.
— Jart Armin, Editor of RBNexploit.com, a watch blog on the infamous RBN (Russian Business Network), and HostExploit.com