
Botnet China Security IT

Tools, Techniques, Procedures of the RSA Hackers Revealed

Posted by timothy
from the more-links-than-a-sausage-factory dept.
An anonymous reader writes "Details of the tools, techniques and procedures used by the hackers behind the RSA security breach have been revealed in a research paper (PDF) published by Australian IT security company Command Five. The paper also, for the first time, explains links between the RSA hack and other major targeted attacks. This paper is a vendor-neutral must-read for any network defenders concerned by the hype surrounding 'Advanced Persistent Threats.'"

  • by Anonymous Coward on Sunday February 12, 2012 @02:15AM (#39009815)

    The Murcy malware is apparently also linked by the protocol it uses ('IP2B') to the Night Dragon attacks and a family of malware called the 'Destory RAT'. The shared infrastructure and tools indicate that the same attackers responsible for the SK Communications hack were behind both the RSA hack and Sykipot malware; presumably we can conclude that the description of their "Techniques and Procedures" applies equally to all.

  • by Anonymous Coward on Sunday February 12, 2012 @08:02AM (#39010473)

    well obviously, they're just proving that research papers are an
    excellent attack vector on folks who care about security and
    implement security recommendations blindly.

  • by sgt scrub (869860) <saintium@@@yahoo...com> on Sunday February 12, 2012 @10:33AM (#39011043)

    IMHO the most important thing in the article is that the malware was digitally signed. This exposes the weakness in digital signatures, not only for applications and modules (drivers) but UEFI and all of the other "secure boot" ideas.
