Crackers Cripple RSA Server Twice

With a marketing slogan that reads “The most trusted name in e-security,” RSA Security, Inc. (Nasdaq:RSAS) already suffered some loss of face early Sunday morning when it discovered that one of its servers had been compromised by pranksters whose hobby it is to deface Web pages. Then it happened again.

RSA Security is one of the world’s leading commercial encryption, public key management and electronic authentication solutions companies. Ironically, on Friday, RSA had been trumpeting “cryptographic countermeasures” it is currently developing to help companies ward off the kinds of denial-of-service (DoS) attacks that struck many high-profile Web destinations last week.

The hackers, who defaced a site belonging to RSA just before midnight EST Saturday, didn’t miss the irony, and left in their own version of an RSA home page a link to a company press release describing its “client puzzle” method for authenticating client requests arriving at Internet servers.

Hackers responsible for the recent spate of denial of service attacks are believed to have exploited other Internet-connected hosts with poor security to mount their onslaught’s remotely.

Not Main Destination

The RSA Web server that came under attack is not the company’s main destination. Usually, visitors to the former site are automatically relayed to the primary corporate pages at the second address.

During the first breach, a hacker using the alias “Coolio” also left the statement: “RSA Security inc. Hacked. Trust us with your data! Praise Allah! The most trusted name in E-security has been owned.”

The hacker also added a modified image from the company’s primary Web site to the page, stamping the letter “L” on the foreheads of two male models in the photograph.

Less-Sophisticated Prank

Later Sunday evening, after the first defacing had been tidied up, a hacker using the alias “tek” defaced the site again in a less-sophisticated prank, posting mostly profanities.

The machine that hosts the Web page runs Red Hat’s version of Linux and the freely available Apache Web server software. The company’s main Web site is on Windows NT machine running Microsoft’s IIS 4.0 Web server software.

The Wall Street Journal today reported that RSA Marketing VP Scott Schnell said that after the first attack that the company was working with its Internet service provider to close the security hole on the targeted server.