Two groups from the same country teamed up to launch a sophisticated attack against RSA Security's systems last March, EMC's security division said. Unspecified information gained during the attack paved the way towards an unsuccessful attack against a defence contractor (self-identified as Lockheed Martin), senior RSA execs …
"were looking for 'defence-related intellectual property'"
"Intellectual Property" is stuff you want to sell, but not really, so that you can have the cake and eat it too.
This is stuff you don't want to sell. It's called "secrets". Like in "trade secrets" or "defense secrets".
Are they really saying that they still wouldn't know what had happened if they hadn't just bought Netwitness?
I'm beginning to wonder
Whether internet connected corporate networks have a future long term... Ultimately it seems that whilst you may stop the script kiddies and the less sophisticated crooks at the cost of a serious amount of time and money if someone big enough is determined to breach your security then they will succeed sooner or later... So where will we go? F off big caching systems at the border perhaps? I remember in the early days of net security when we had insufficient confidence in our ability to secure access into our network we used various means to cross the border host to host. Maybe those days might come back again... Not a happy thought...
@I'm beginning to wonder
The lesson is not a new one - keep your secrets off any internet-connected machines. Have two networks, one private for all important stuff, one public-facing for customer related activities.
Old school physical entry or compromised staff are still ways of getting raided, but you no longer rely on the integrity of a billion lines of code written partly by low-cost code monkeys and peddled by vendors who are market focused (e.g. add features to sell new versions, rather than fixing problems).
OK, this won't happen due to cost and convenience issues, but it's not exactly rocket science to avoid internet attack vectors.
That's just what NetWitness is - full packet capture, storage for months/years and the ability to interrogate that data.... it's awesome
Except that solution doesn't work either.
It's too costly and inefficient. Even entities which try to implement that solution have been hacked. That's part of what Stuxnet was all about - bridging the air gap for the super-secure Iranian uranium processing plants.
"However with the skill and degree of resources involved it could only have been a nation state."
I would suggest it could only have been anything but.
Over reliance on the internet.
The problem is the over reliance on the internet as the transport medium, many years ago the only way I had to gain remote access was to dial a dedicated phone number, connect and sign-in. Once I had identified myself to the system I was disconnected and the system then rang me back to continue the session.
I'm not aware of any method to forge recipient phone numbers. I'm sure the system described above is still hackable but you need to physically tap the phone line first.
That was a decent solution when the networks were separated.
But these days even the phone companies are transforming the voice data into IP packets and transferring them over the high speed backbones. And integrated telephony does make it possible to forge phone numbers. It's a brave new world out there. Best to have your IT MOP3 suit handy and keep it repaired.