The commander of the U.S. Cyber Command, General Keith Alexander, told the Senate Armed Services Committee on Tuesday that China was responsible for last year’s attack on RSA, which resulted in alleged compromise of their SecurID tokens.
“We are seeing increased exploitation in to industry, government, other government agencies, and the theft to intellectual property is astounding,” General Alexander said.
RSA has never fully explained what was breached, but the attack was quickly blamed on a nation state, including China. All anyone knows for fact is that while the information stolen didn’t enable a direct attack on SecurID customers, it could have been potentially used “to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.”
During a briefing for press at RSA’s headquarters in Bedford, Mass. earlier this year, The Tech Herald learned that the primary reason that RSA would not comment on the identity of their attackers, or even offer speculation, was the lack of quality intelligence.
According to EMC’s security arm, the trail got cold when they investigated the breach. It was concluded that a nation state was to blame, but the company will not confirm or deny the speculation that China was responsible without solid facts.
While answering questions about intellectual property theft by China, General Alexander told the Armed Services Committee members that once recent example would be the attack on RSA.
“The ability to do it against a company like RSA is such a high-order capability that, if they can do it against RSA, that makes other companies vulnerable,” he said.
The idea, he added, is to “make it more difficult for the Chinese to do what they're doing.”
“The analogy that I’d put on the table is, we have all our money in our banks, but our banks have the money out on tables in New York City at the park. And we’re losing the money and we’re wondering why. Our intellectual property isn't well protected, and we can do a better job at protecting it.”
General Alexander was speaking to the Armed Services Committee as part of a review of the Defense Authorization Request for Fiscal Year 2013.