In March of 2011, security vendor RSA was the target of an attack that compromised sensitive data related to the company's flagship SecurID product. The solution was in-use by thousands of high-profile clients around the world, including the U.S. government and an array of U.S. defense contractors.
The company's leadership knew they had been breached in a sophisticated APT-style attack, but it was unknown whether the attackers had gained access to the cryptographic keys needed to decrypt sensitive client data.
In this special episode of the Malicious Life Podcast, host Ran Levy is joined by two former RSA executives who were integral to the company's incident response at the time of the attacks and only recently were released from a 10-year NDA that barred them from discussing the incident.
For the first time, they elaborate in detail on how the events unfolded and share the untold story behind one of the most impactful attacks of all time. Ran also talks with Wired Magazine's Andy Greenberg who provides some context on why the RSA breach was such a watershed moment for the security industry (part 2 available here).