Ten years ago someone stole the keys to the Cyber Security Vault. Since then, things have never been the same.

CYRIN Newsletter

Ten years ago, the computer systems of the corporate security giant RSA were hacked. The intruders’ final target? The secret keys known as “seeds,” “a collection of numbers that represented a foundational layer of the security promises RSA made to its customers, including tens of millions of users in government and military agencies, defense contractors, banks, and countless corporations around the world.”

In a fascinating retake in the May issue of Wired, reporter Andy Greenberg writes that those seeds were kept on a single, well-protected server, which RSA called the “seed warehouse.”

As Wired reported, “They served as a crucial ingredient in one of RSA's core products: SecurID tokens—little fobs you carried in a pocket and pulled out to prove your identity by entering the six-digit codes that were constantly updated on the fob's screen. If someone could steal the seed values stored in that warehouse, they could potentially clone those SecurID tokens and silently break the two-factor authentication they offered, allowing hackers to instantly bypass that security system anywhere in the world, accessing anything from bank accounts to national security secrets.”

In 2011 when the hack happened, The New York Times asked, “How did a hacker manage to infiltrate one of the world’s top computer-security companies? And could the data that was stolen be used to impair its SecurID products, which are used by 40 million businesses that are trying to keep their own networks safe from intruders?”

The RSA breach redefined the cybersecurity landscape. It was both a wake-up call and a warning. If even a security company can’t keep its assets safe, what about the rest of us?

According to Wired, that hack had actually put a whole lot of other people and companies at risk too. “The theft of the company's seed values meant that a critical safeguard had been removed from thousands of its customers’ networks.”

Ten years have passed since the RSA hack in 2011. Many of the people involved signed non-disclosure agreements (NDAs) at that time; those agreements have now expired, so people can learn more about everything that happened. Like the recent SolarWinds hack, the RSA attack revealed the power of going after the “middle man.” From a hacker’s perspective, trusted middle men are a gold mine: if you can breach those firms, you have unlimited access, or a gateway, to thousands of other firms, most of whom are not paying much attention.

Organizations that can help

So what can your company do to better protect yourself, your networks, and your assets? Below please find some resources to help support cyber resiliency:

U.S. Government Resources

Non-Profit Organizations

Additional Resources

Can CYRIN Training help?

In a word, yes. We have some of the best content including skills development labs, individual or team exercises, and multiple cyber-attack scenarios. CYRIN’s online interactive virtual training platform is designed to improve the skills of IT, engineering and cybersecurity professionals and learners. Each learner or corporate trainee receives his/her own virtual instance of the CYRIN cyber range and completes “learn by doing” courses.

CYRIN, in a virtual environment, is as close to a real-world experience as you can get.

In addition, CYRIN offers two unique features: Performance Monitoring – which allows learners to see their progress and allows instructors to follow individual student progress or track the progress of a whole group – and Exercise Builder, a patented tool that allows you to build your own labs, modify existing labs, or port your content to CYRIN’s training platform.

This allows CYRIN to continually build upon and add to the current 50+ interactive labs, individual or team exercises, and numerous attack scenarios where students and trainees must mitigate random attacks on industrial and enterprise networks. So we have the content, we can track the content, and, because of Exercise Builder, we always have more content in development for different pathways, scenarios and courses. Please take a look at our entire course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!
